--- /dev/null
+# Security Policy
+
+## Supported Versions
+
+In general, due to limited maintainer bandwidth, only the latest version of
+Tornado is supported with patch releases. Exceptions may be made depending
+on the severity of the bug and the feasibility of backporting a fix to
+older releases.
+
+## Reporting a Vulnerability
+
+Tornado uses GitHub's security advisory functionality for private vulnerability
+reports. To make a private report, use the "Report a vulnerability" button on
+https://github.com/tornadoweb/tornado/security/advisories
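Review bot: Under "Supported Versions", "only the latest version of Tornado is supported with patch releases" is ambiguous. It can mean the most recent release or the most recent release series, and a reader deciding whether to upgrade needs to know which. Suggest stating it explicitly, and saying where an exception for an older release would be announced. Under "Reporting a Vulnerability", the text names the private channel but not what a report should contain or what acknowledgement to expect. One sentence asking for affected version, impact and reproduction details, plus a request not to file a public issue for the same bug, would close that gap. Minor style point: wrapping the bare URL on the last line in angle brackets makes it render as a link consistently.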