author: Nejc Habjan <nejc.habjan@siemens.com> 2023-02-05 23:56:57 +0100
committer: John Villalovos <john@sodarock.com> 2023-02-05 15:53:49 -0800
commit: 572ca3b6bfe190f8681eef24e72b15c1f8ba6da8
tree: 6f7b05609dc6f41f96dd2efcf7c8a902d283624f
parent: fde2495dd1e97fd2f0e91063946bb08490b3952c
download: gitlab-572ca3b6bfe190f8681eef24e72b15c1f8ba6da8.tar.gz
chore: add SECURITY.md
-rw-r--r-- SECURITY.md 17
1 files changed, 17 insertions, 0 deletions
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..ffdc9ab
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+python-gitlab is a thin wrapper and you should generally mostly ensure your transitive dependencies are kept up-to-date.
+
+However, if you find an issue that may be security relevant, please
+[Report a security vulnerability](https://github.com/python-gitlab/python-gitlab/security/advisories/new)
+on GitHub.
+
+Alternatively, if you cannot report vulnerabilities on GitHub,
+you can email the currently active maintainers listed in [AUTHORS](https://github.com/python-gitlab/python-gitlab/blob/main/AUTHORS).
+
+## Supported Versions
+
+We will typically apply fixes for the current major version. As the package is distributed on
+PyPI and GitLab's container registry, users are encouraged to always update to the latest version.
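Review bot: The email fallback under "Reporting a Vulnerability" sends reporters to the individual maintainers listed in AUTHORS, with no dedicated security address and no guidance on keeping the details private, so someone who cannot use GitHub advisories has no clearly confidential channel; consider naming a single contact address, or asking reporters to withhold details until a maintainer has replied. Under "Supported Versions", fixes are "typically" applied to "the current major version", but the text gives neither that version number nor an expected acknowledgement time, which leaves users on an older major unsure whether a backport will happen. The phrase "generally mostly" in the first paragraph is redundant; one of the two words can go.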