From 69d94b4a53c7cc54e16070eae8230338f915897f Mon Sep 17 00:00:00 2001 From: Jhonatan carvajal antigua <54653531+jcarvajalantigua@users.noreply.github.com> Date: Tue, 14 Apr 2026 00:03:10 -0400 Subject: [PATCH] Add SECURITY.md for security policy and reporting Added a security policy document outlining supported versions and vulnerability reporting procedures. --- SECURITY.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..1594798350 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,30 @@ +# Security Policy + +## Supported Versions + +Only the latest stable release receives security updates. +Older versions are not actively maintained. + +| Version | Supported | +| ------- | --------- | +| 2.14.x (latest) | :white_check_mark: | +| < 2.14.0 | :x: | + +Docker images: `jc21/nginx-proxy-manager:latest`, `jc21/nginx-proxy-manager:2` + +See all releases: https://github.com/NginxProxyManager/nginx-proxy-manager/releases + +## Reporting a Vulnerability + +**Do NOT open a public GitHub Issue to report a security vulnerability.** + +Use GitHub's private vulnerability reporting: +https://github.com/NginxProxyManager/nginx-proxy-manager/security/advisories/new + +Please include: +- Affected version (Docker image tag or release) +- Description of the vulnerability +- Steps to reproduce +- Potential impact + +Once a fix is available, a public GitHub Security Advisory will be published.
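Review bot: In the "Please include" list, "Affected version (Docker image tag or release)" will not identify a version for anyone running the `latest` or `2` tags named under Supported Versions, because both are moving tags; ask for the exact release number or the image digest instead. The table row `| 2.14.x (latest) |` hardcodes a version that goes stale at the next minor release, so either word the row as "latest stable release" or make updating this file part of the release steps. The "Reporting a Vulnerability" section also states no expected acknowledgement time and no fallback contact for a reporter who cannot use the private advisory form; one sentence covering each would set expectations and reduce the chance of a report ending up in a public issue.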