From 18bb9208ada23760f386941a7b30e353e1d87927 Mon Sep 17 00:00:00 2001
From: Shriyans Sudhi <shriyanss@ss0x00.com>
Date: Tue, 13 Jan 2026 11:22:08 -0500
Subject: [PATCH 1/2] Add security policy document.

This adds a SECURITY.md file that outlines the supported versions for security updates and provides instructions for reporting security vulnerabilities. The document specifies that version 2.20 is currently supported, and directs users to report vulnerabilities via email rather than through GitHub Issues.
---
 SECURITY.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000000..90e60fb060
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,25 @@
+# Security Policy
+
+## Supported Versions
+
+<!-- Please update the table below to reflect for which versions this project will receive security reports for -->
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.20   | :white_check_mark:  |
+| 2.19   | :x:                 |
+| 2.18   | :x:                 |
+| 2.17   | :x:                 |
+| <= 2.16   | :x:                 |
+
+## Reporting a Vulnerability
+
+**Please DO NOT report any security vulnerabilities through GitHub Issues**
+
+Rather, use the following email to report any security vulnerabilities:
+
+```
+<email_here>
+```
+
+We will respond to all security reports within `<number>` days.

From ea44743817371494d501616daf9509910eb1ad18 Mon Sep 17 00:00:00 2001
From: Shriyans Sudhi <shriyanss@ss0x00.com>
Date: Tue, 13 Jan 2026 11:30:32 -0500
Subject: [PATCH 2/2] Update security policy with expanded version support and
 contact email.

This updates the SECURITY.md file to mark versions 2.18 and 2.19 as supported in addition to 2.20, adds links to the release tags for each version, consolidates unsupported versions to "<=2.17", and replaces the placeholder email address with thewebworkproject@gmail.com for reporting security vulnerabilities.
---
 SECURITY.md | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 90e60fb060..3e4e5d32b0 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -6,11 +6,10 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| 2.20   | :white_check_mark:  |
-| 2.19   | :x:                 |
-| 2.18   | :x:                 |
-| 2.17   | :x:                 |
-| <= 2.16   | :x:                 |
+| [`2.20`](https://github.com/openwebwork/webwork2/releases/tag/WeBWorK-2.20)    | :white_check_mark: |
+| [`2.19`](https://github.com/openwebwork/webwork2/releases/tag/WeBWorK-2.19)    | :white_check_mark: |
+| [`2.18`](https://github.com/openwebwork/webwork2/releases/tag/WeBWorK-2.18)    | :white_check_mark: |
+| <=[`2.17`](https://github.com/openwebwork/webwork2/releases/tag/WeBWorK-2.17)  | :x:                |
 
 ## Reporting a Vulnerability
 
@@ -19,7 +18,7 @@
 Rather, use the following email to report any security vulnerabilities:
 
 ```
-<email_here>
+thewebworkproject@gmail.com
 ```
 
 We will respond to all security reports within `<number>` days.