From 5f6aa0093c8afe6d84ee52dec7a2e880a119eefb Mon Sep 17 00:00:00 2001 From: Drew Smirnoff Date: Mon, 9 Mar 2026 22:17:26 +0400 Subject: [PATCH] chore: add SECURITY.md (#264) --- SECURITY.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000000000000000000000000000000000..9981f4e1aac8f5c93b76c69b66916e1df285dd55 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,26 @@ +# Security Policy + +## Supported Versions + +Only the latest release of Matcha is supported with security updates. + +## Reporting a Vulnerability + +If you discover a security vulnerability in Matcha, please report it responsibly. **Do not open a public issue.** + +Email us at [us@floatpane.com](mailto:us@floatpane.com) with: + +- A description of the vulnerability +- Steps to reproduce the issue +- The potential impact +- Any suggested fixes (optional) + +We will acknowledge your report within 48 hours and aim to provide a fix or mitigation plan within 7 days, depending on severity. + +## Scope + +This policy covers the Matcha codebase and its official releases. Third-party dependencies are outside our direct control, but we will work to address reported issues in dependencies as quickly as possible. + +## Disclosure + +We ask that you give us reasonable time to address the issue before disclosing it publicly. We are committed to crediting reporters in release notes (unless you prefer to remain anonymous).