Add security policy (#57)

trasher · stonebuzz · cedric-anne · web-flow · commit f1275f9d6187 · 2025-07-01T10:09:31.000+02:00
* Add security policy

* Update SECURITY.md

Co-authored-by: Cédric Anne &lt;canne@teclib.com&gt;

---------

Co-authored-by: Stanislas &lt;skita@teclib.com&gt;
Co-authored-by: Cédric Anne &lt;canne@teclib.com&gt;
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,21 @@
+Security Policy
+
+**⚠️ Please never use standard issues to report security problems; vulnerabilities are published once a fix release is available. ⚠️**
+
+## Reporting a Vulnerability
+
+If you found a security issue, please contact us by mail at \[glpi-security AT ow2.org\].
+
+You should provide us all details about the issue and the way to reproduce it.
+You may also provide a script that can be used to check the issue exists.
+
+Once the report will be handled, and if the issue is not yet fixed (or in progress)
+we'll add it to the GitHub security tab, and add you as observer. Meanwhile,
+you will reserve a CVE for the issue.
+
+Thank you for improving the security of GLPI and its plugins.
+
+## Supported Versions
+
+We follow the same version support policy as GLPI.
+This means that we provide security patches to versions of the plugin that target a version of GLPI itself maintained from a security point of view. 
