From 163598a0e91a8c331bf7e22e1e58037740a8af83 Mon Sep 17 00:00:00 2001
From: Dennis Oelkers <dennis@graylog.com>
Date: Tue, 5 Nov 2024 13:19:23 +0100
Subject: [PATCH] Clarifying security policy, removing outdated versions.

This PR is removing ancient versions from the security policy and adjusts it according to our recent policy (last two versions, no time window of 12 months).
---
 SECURITY.md | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 86624c3..b0b5182 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,15 +2,7 @@
 
 ## Supported Versions
 
-Graylog is addressing vulnerabilities in the product for the current and the previous releases (a release is anything that increases either the major or the minor version part, in a [semver](https://semver.org) understanding) of the last twelve months.
-
-For the current release (4.0) this means:
-
-| Version | Supported          |
-| ------- | ------------------ |
-| 4.0.x   | :white_check_mark: |
-| 3.3.x   | :white_check_mark: |
-| < 3.3.0 | :x:                |
+Any reported vulnerability will be fixed for the (affected) current and the previous releases (a release is anything that increases either the major or the minor version part, in a [semver](https://semver.org) understanding). For older versions, it will still be published as a security advisory and fixed if the effort is reasonable.
 
 ## Reporting a Vulnerability