Create SECURITY.md

chrjohn · web-flow · commit d8c729c470e3 · 2020-04-23T00:35:05.000+02:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.1.x   | :white_check_mark: |
+| < 2.1.x | :x:                |
+
+## Reporting a Vulnerability
+
+QuickFIX/J welcomes and appreciates responsible disclosure. Contributors are given appropriate credit in release notes and Git logs.
+
+For security issues in QuickFIX/J itself contact the project maintainer: christoph.john-at-macd.com
+
+For security issues in libraries used by QuickFIX/J contact the relevant project team (e.g. for Apache MINA: https://www.apache.org/security/ ). If you feel they are particularly exploitable via QuickFIX/J also feel free to follow up with the project maintainer as above so that we upgrade to the new version in a timely fashion.
+
+Once a security issue is fixed in QuickFIX/J it will be communicated via the user mailing list and other appropriate channels.
