docs: update security policy with current versions and disclosure process

satcfdi · Copilot · satcfdi · commit 1933fa34d6b4 · 2026-03-11T17:04:00.000-06:00
- Update supported versions to 4.9.x and 4.8.x (was 1.0.x)
- Replace template placeholders with actual reporting instructions
- Add responsible disclosure guidelines with contact email

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/security.md b/security.md
@@ -2,17 +2,22 @@
 
 ## Supported Versions
 
-Use this section to tell people about which versions of your project are
-currently being supported with security updates.
-
 | Version | Supported          |
 | ------- | ------------------ |
-| 1.0.x   | :white_check_mark: |
+| 4.9.x   | :white_check_mark: |
+| 4.8.x   | :white_check_mark: |
+| < 4.8   | :x:                |
 
 ## Reporting a Vulnerability
 
-Use this section to tell people how to report a vulnerability.
+If you discover a security vulnerability in this project, please report it responsibly.
+
+**Please do not open a public GitHub issue for security vulnerabilities.**
+
+Instead, send an email to [satcfdi@outlook.com](mailto:satcfdi@outlook.com) with:
+
+- A description of the vulnerability
+- Steps to reproduce the issue
+- Any potential impact
 
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.
+You can expect an initial response within 72 hours. We will work with you to understand and address the issue before any public disclosure.
