Add SECURITY.md to .github/

gaborbernat · pre-commit-ci[bot] · web-flow · commit 7d01327e395f · 2026-02-27T10:56:42.000Z
Add security policy so GitHub surfaces it under the Security tab.

---------

Co-authored-by: pre-commit-ci[bot] &lt;66853113+pre-commit-ci[bot]@users.noreply.github.com&gt;
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -1,13 +1,23 @@
-# Security Policy
+# Reporting Vulnerabilities
 
-## Supported Versions
+**⚠️ Please do not file public GitHub issues for security vulnerabilities as they are open for everyone to see! ⚠️**
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 0.8.0 + | :white_check_mark: |
-| < 0.8.0 | :x:                |
+We encourage responsible disclosure practices for security vulnerabilities.
 
 ## Reporting a Vulnerability
 
-To report a security vulnerability, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift
-will coordinate the fix and disclosure.
+If you believe you've found a security-related bug, fill out a new
+vulnerability report via GitHub directly. To do so, follow these instructions:
+
+1. Click on the `Security` tab in the project repository.
+1. Click the green `Report a vulnerability` button at the top right corner.
+1. Fill in the form as accurately as you can, including as many details as possible.
+1. Click the green `Submit report` button at the bottom.
+
+## Don't have a GitHub account?
+
+Alternatively, to report a security vulnerability, please use the
+[Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
+
+It is currently set up to forward every incoming report to Bernát Gábor. We will try to assess the problem in timely
+manner and disclose it in a responsible way.
