Create SECURITY.md

dovvnloading · web-flow · commit 4729ea63511a · 2025-10-20T15:25:27.000-04:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,37 @@
+# Security Policy
+
+## Supported Versions
+
+The Py2Exe project is committed to ensuring the security of its users. Security updates are provided for the most recent stable release. We encourage all users to stay on the latest version to receive patches and new features.
+
+| Version | Supported |
+| ------- | --------- |
+| 1.x     | Yes       |
+| < 1.0   | No        |
+
+## Reporting a Vulnerability
+
+We take all security vulnerabilities seriously. We appreciate the efforts of security researchers and the community in helping us maintain a high standard of security.
+
+**Please do not report security vulnerabilities through public GitHub issues.** Instead, please report them privately by emailing the project maintainer.
+
+**Email:** `devaux.mail@gmail.com`
+
+When reporting a vulnerability, please include the following to help us address the issue as quickly as possible:
+
+*   A clear description of the vulnerability and its potential impact.
+*   The version of Py2Exe affected.
+*   Detailed, step-by-step instructions to reproduce the vulnerability.
+*   Any proof-of-concept code, scripts, or screenshots that may be relevant.
+
+### Our Commitment
+
+Once a vulnerability is reported, we will make every effort to:
+
+1.  Acknowledge receipt of your report within 48-72 hours.
+2.  Provide an initial assessment of the vulnerability's severity and validity.
+3.  Keep you informed of our progress as we investigate and work on a fix.
+4.  Release a patch to address the vulnerability in a new version as soon as possible.
+5.  Offer public credit to you for your discovery, if you wish, once the vulnerability has been resolved.
+
+We thank you for your help in keeping Py2Exe secure.
