create SECURITY.md fixes #3558

1 files changed, 16 insertions, 0 deletions

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..321935a0e
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,16 @@
+# Security Policy
+
+Security vulnerabilities can be reported for the current stable release (branch `stable`) and the `master` branch.
+
+We try to fix vulnerabilites as fast as possible, but please keep in mind that this is a project run by volunteers. Depending on the severity we may release hotfixes for the current stable release or may simply incorporate the fix in the next proper release.
+
+**This policy only applies to DokuWiki and the bundled plugins. Do not report issues about 3rd party plugins here.**
+
+## Reporting a Vulnerability
+
+You have multiple options on reporting vulnerabilities
+
+* Use [huntr.dev](https://www.huntr.dev/bounties/disclose/?target=https%3A%2F%2Fgithub.com%2Fsplitbrain%2Fdokuwiki%2F)
+* Send an e-mail to [Andi](mailto:andi@splitbrain.org)
+* Open a [Github Issue](https://github.com/splitbrain/dokuwiki/issues)
+* Send a mail to the [Mailing List](https://www.dokuwiki.org/mailinglist)