docs: add SECURITY.md with vulnerability reporting policy

jonathanperis · jonathanperis · commit a81bc81fc75b · 2026-04-02T21:29:05.000-03:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly by opening a [GitHub Security Advisory](../../security/advisories/new) instead of a public issue.
+
+Please include:
+- A description of the vulnerability and its potential impact
+- Steps to reproduce or proof-of-concept
+- Any suggested fixes or mitigations
+
+I will acknowledge the report within 48 hours and aim to release a fix as soon as possible.
+
+## Supported Versions
+
+Only the latest version on the `main` branch is actively supported with security updates.
