From 2992379c0159a8266adbe3fd00d0ce7fac7c16b9 Mon Sep 17 00:00:00 2001
From: Gary Rennie <gazler@gmail.com>
Date: Mon, 9 Oct 2023 13:46:46 +0100
Subject: [PATCH] Add a security policy using GitHub advisories (#5591)

---
 SECURITY.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..5cfb9ea2ea
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported versions
+
+Phoenix applies bug fixes only to the latest minor branch. Security patches are
+available for the last 4 minor branches:
+
+Elixir version | Support
+:------------- | :-----------------------------
+1.7            | Bug fixes and security patches
+1.6            | Security patches only
+1.5            | Security patches only
+1.4            | Security patches only
+
+## Announcements
+
+[Security advisories will be published on GitHub](https://github.com/phoenixframework/phoenix/security).
+
+## Reporting a vulnerability
+
+[Please disclose security vulnerabilities privately via GitHub](https://github.com/phoenixframework/phoenix/security).