Revise security policy with new version support

ZengLiangYi · web-flow · commit c3239086d48b · 2026-05-15T15:50:10.000+08:00
Updated the security policy to include additional supported versions and improved reporting instructions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,34 @@
+# Security Policy
+
+## Supported Versions
+
+以下是当前受安全更新支持的版本：
+The following versions are currently supported with security updates:
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 0.4.x   | :white_check_mark: |
+| < 0.4   | :x:                |
+
+## Reporting a Vulnerability
+
+**请不要通过公开 Issue 报告安全漏洞。**
+**Please do NOT report security vulnerabilities through public Issues.**
+
+请通过 [GitHub Security Advisories](https://github.com/ZengLiangYi/ChatCrystal/security/advisories/new) 提交漏洞报告。
+Please report vulnerabilities via [GitHub Security Advisories](https://github.com/ZengLiangYi/ChatCrystal/security/advisories/new).
+
+报告时请包含：
+When reporting, please include:
+
+- 漏洞类型 / Type of vulnerability
+- 受影响的文件路径 / Affected file paths
+- 复现步骤 / Steps to reproduce
+- 潜在影响 / Potential impact
+
+### 你可以期待什么 / What to Expect
+
+- **72 小时内**确认收到报告 / Acknowledgement within **72 hours**
+- 漏洞被确认后，我们将开发并发布修复版本 / Once confirmed, we'll develop and release a fix
+- 修复发布后会公开致谢报告者（如你同意）/ Reporters will be credited after the fix ships (with your consent)
+- 如果报告不属于安全问题，我们会建议你改用普通 Issue 提交 / If the report isn't a security issue, we'll suggest opening a regular Issue instead
