Create SECURITY.md (#4538)

* Create SECURITY.md * Complete initial version of SECURITY.md * Fix PR link * Narrate our supported versions for security * Update SECURITY.md * Update SECURITY.md Co-authored-by: Nicola Corti <corti.nico@gmail.com> * Improve wording * Update SECURITY.md Co-authored-by: Nicola Corti <corti.nico@gmail.com> Co-authored-by: Chao Zhang <chao.zhang@instacart.com> Co-authored-by: Chao Zhang <zhangchao6865@gmail.com> Co-authored-by: Nicola Corti <corti.nico@gmail.com>
detekt · Feb 16, 2022 · f15ce50 · f15ce50
1 parent 2aad546
commit f15ce50
Showing 1 changed file with 17 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Versions
+
+Generally updating to the latest stable version will have all security issues addressed.
+- Security patches are applied up to the **current minor version**.
+- Earlier versions are not supported by default, but we will examine them on a case-by-case basis.
+
+| Version | Addressed issues                                                                                                 | Fix                                                 |
+|---------|------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------|
+| 1.20.0  | [CWE-611](https://cwe.mitre.org/data/definitions/611.html) Improper Restriction of XML External Entity Reference | [#4499](https://github.com/detekt/detekt/pull/4499) |
+
+## Reporting a Vulnerability
+
+Please report vulnerability to security@detekt.dev. 
+We commit to respond within 2 weeks. You may also find us in the [#detekt](https://kotlinlang.slack.com/archives/C88E12QH4) channel of [kotlinlang Slack](https://kotlinlang.slack.com/).
+If you have already reported on vulnerability disclosure platform, please include its link in the report.