From 402d5216433bd4e282e19a2149821ce50308b331 Mon Sep 17 00:00:00 2001
From: Alexander Kuzmenkov <36882414+akuzm@users.noreply.github.com>
Date: Mon, 28 Oct 2024 14:07:45 +0100
Subject: [PATCH] Add SECURITY.md

Same contents as the one in the TimescaleDB repo.
---
 SECURITY.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a3218a2
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+We aim to keep TimescaleDB safe for everyone. 
+Publicly disclosing security bugs in a public forum can put everyone in the Timescale community at risk,
+however. Therefore, we ask that people follow the below instructions to report security vulnerability.
+The entire Timescale community thanks you!
+
+## Supported Versions
+
+The supported version is always the latest major release available in our repository.
+We also release regular minor versions with fixes and corrections alongside some new features as well as patchfix releases, that you should keep upgrading to.
+Vulnerability fixes are made available as part of these patchfix releases and you can read our list of [Security Advisories](https://github.com/timescale/timescaledb-docker/security/advisories?state=published).
+ 
+You can also take a look at our [Support Policy](https://www.timescale.com/legal/support-policy).
+
+
+## Reporting a Vulnerability
+
+If you find a vulnerability in our software, please email the Timescale Security Team at security@timescale.com.
+
+Please note that the e-mail address should only be used for reporting undisclosed security vulnerabilities in Timescale products and services. 
+Regular bug reports should be submitted as GitHub issues, while other _questions_ around security,
+compliance, or functionality can be made either through our support (for customers) or
+community channels (e.g., [Timescale Slack](https://slack.timescale.com/), [Forums](https://www.timescale.com/forums), etc.)