Revise SECURITY.md for supported versions and reporting

sabman · web-flow · commit dea82839d31f · 2025-08-23T13:13:13.000+02:00
Updated the security policy to reflect current supported versions and reporting procedures.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,33 @@
+# Security Policy
+
+## Supported Versions
+
+We currently maintain security updates only for the latest stable release.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.0.x   | :white_check_mark: |
+| < 1.0   | :x:                |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability in `geoai`, please help us keep the community safe by reporting it responsibly.
+
+- **Where to report:**  
+  Please open a [GitHub Security Advisory](https://github.com/decision-labs/geobase-ai.js/security/advisories/new) or email us at **security@geobase.app**.  
+  Do **not** open public GitHub issues for security vulnerabilities.
+
+- **What to include:**  
+  Provide as much detail as possible, including:
+  - A description of the vulnerability  
+  - Steps to reproduce  
+  - Potential impact  
+  - Suggested fixes (if any)  
+
+- **Response expectations:**  
+  We aim to acknowledge all vulnerability reports within **5 business days**.  
+  If accepted, we will work on a fix and coordinate a disclosure timeline with you.  
+  If declined, we will provide reasoning.
+
+- **Credit:**  
+  We are happy to acknowledge researchers who responsibly disclose vulnerabilities, unless you prefer to remain anonymous.
