Create SECURITY.md

Author: jankapunkt

SECURITY.md

@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 4.x.x   | :white_check_mark: |
+| 3.x.x   | :white_check_mark: but only very critical security issues |
+| < 3 | :x: |
+
+## Reporting a Vulnerability
+
+Report security vulnerabilities to info[at]jankuester[dot]com
+
+Please specify exactly how the vulnerability is to be exploited so we can estime how severe the consequences can be (unless you also can specifiy them, too).
+Note, that we need to reproduce the vulnerability (as like with bugs) in order to safely fix it.
+
+A fix will be implemented in private until we can ensure the vulnerability is closed. A new release will immediately be published.
+If you want to provide a fix please let us know in the Email so we can setup a completely private repository to work on it together.
+
+Note, that security fixes will also require to pass all tests and audits.