I would like to suggest that we fill a very basic document that shows on Github as our security policy.
Below my proposal for a SECURITY.md :
===================================================================
# Security Policy
## Supported Versions
Currently the only supported version is the latest patch release of the
2.4.x stable branch.
## Security Updates
[Apache 2.4 Security Vulnerabilities](http://httpd.apache.org/security/vulnerabilities_24.html)
## Reporting a Vulnerability
For information on how to report a new security problem please see
[here](http://httpd.apache.org/security_report.html)
=========================================================================================
Any objections?
Regards
RĂ¼diger
Below my proposal for a SECURITY.md :
===================================================================
# Security Policy
## Supported Versions
Currently the only supported version is the latest patch release of the
2.4.x stable branch.
## Security Updates
[Apache 2.4 Security Vulnerabilities](http://httpd.apache.org/security/vulnerabilities_24.html)
## Reporting a Vulnerability
For information on how to report a new security problem please see
[here](http://httpd.apache.org/security_report.html)
=========================================================================================
Any objections?
Regards
RĂ¼diger