From 7ce4a23e59462604e9deec57d257ff85235d73ab Mon Sep 17 00:00:00 2001
From: Ansgar Becker <ansgarbecker@users.noreply.github.com>
Date: Mon, 9 Feb 2026 09:35:43 +0100
Subject: [PATCH] feat: add security policy for supported versions and
 reporting

Refs #1591
---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..2f52e4bc
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+Currently supported releases with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 12.x    | :white_check_mark: |
+| < 12.x  | :x:                |
+
+## Reporting a Vulnerability
+
+When reporting a vulnerability, please file a ticket here. You may also send an
+email to security@heidisql.com .
+
+It is important that the report is _valid_, and I am able to _understand_ the vulnerability impact.
+If so, you may expect an update within weeks, probably quicker. I'll do my best to keep the
+software and the user systems intact.