From 50eca6bda8d1a34733353020057e396e615a7fe9 Mon Sep 17 00:00:00 2001 From: Lorenz Diener Date: Fri, 22 Aug 2025 11:07:36 +0300 Subject: [PATCH] Create SECURITY.md --- SECURITY.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..f36ed26 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,17 @@ +# Security Policy + +## Supported Versions + +Mastodon.py makes an effort to always be as backwards-compatible as possible so that you can update to the newest +version without causing compatibility issues. As such, we're not generally going to backport any possible +security-related fixes to older versions - the supported version is the latest one. + +## Reporting a Vulnerability + +If you find a security vulnerability that you think is critical enough to warrant such caution, please +feel free to report it privately to halcy+mastopysec@halcy.de . I will try to respond as quickly as possible and +work through it with you. + +A possible example of such a vulnerability would be a way for a malicious server instance to overwrite local files, +or execute code on a client. A *non-example* would be a vulnerability in Mastodon itself - please report these to +Mastodon, not here, Mastodon.py does not *depend* on server software and as such is not transitively vulnerable.
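Review bot: In the "Reporting a Vulnerability" section, the phrase "critical enough to warrant such caution" has no antecedent. Nothing earlier in the file mentions caution, and the file never says where reports that do not need private handling should go. Suggest stating both paths explicitly: private e-mail for issues like the ones in the final paragraph, and a named channel for everything else. The only response commitment in that section is "as quickly as possible"; a concrete acknowledgement window would give reporters something to plan disclosure around. In "Supported Versions", "not generally going to backport" leaves open when an exception would be made, so either drop "generally" or say what would qualify. Minor: remove the space before the period in "halcy+mastopysec@halcy.de ." and split the comma splice in "please report these to Mastodon, not here, Mastodon.py does not *depend* on server software" into two sentences.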