Add SECURITY.md for security policy and reporting

Added a security policy document outlining supported versions and vulnerability reporting procedures.
2026-05-13 13:56:52 +00:00 · 2026-04-14 00:03:10 -04:00 · 2026-04-14 00:03:10 -04:00 · 69d94b4a53
commit 69d94b4a53
parent 34374cbe09
1 changed files with 30 additions and 0 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,30 @@
+# Security Policy
+
+## Supported Versions
+
+Only the latest stable release receives security updates.
+Older versions are not actively maintained.
+
+| Version | Supported |
+| ------- | --------- |
+| 2.14.x (latest) | :white_check_mark: |
+| < 2.14.0 | :x: |
+
+Docker images: `jc21/nginx-proxy-manager:latest`, `jc21/nginx-proxy-manager:2`
+
+See all releases: https://github.com/NginxProxyManager/nginx-proxy-manager/releases
+
+## Reporting a Vulnerability
+
+**Do NOT open a public GitHub Issue to report a security vulnerability.**
+
+Use GitHub's private vulnerability reporting:
+https://github.com/NginxProxyManager/nginx-proxy-manager/security/advisories/new
+
+Please include:
+- Affected version (Docker image tag or release)
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+
+Once a fix is available, a public GitHub Security Advisory will be published.