Skip to content

Commit 38263d4

Browse files
committed
Added SECURITY.md with EOL notice
1 parent 5b36f2a commit 38263d4

1 file changed

Lines changed: 37 additions & 0 deletions

File tree

SECURITY.md

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
# Security policy
2+
3+
## Reporting a vulnerability
4+
5+
We take the security of Material for MkDocs seriously. If you believe you have found a security vulnerability in Material for MkDocs, we encourage you to report it to us responsibly.
6+
7+
**Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.**
8+
9+
Instead, please send a report to martin.donath@squidfunk.com with the following information:
10+
11+
1. A description of the vulnerability and its potential impact.
12+
2. The steps required to reproduce the issue.
13+
3. Any relevant files, screenshots, or proof-of-concept code.
14+
4. Your name and contact information, if you would like to be credited.
15+
16+
## Our commitment
17+
18+
We are committed to working with security researchers and our community to address vulnerabilities quickly and transparently. When you submit a report, you can expect the following:
19+
20+
- **Acknowledgement** within 3 business days of your report.
21+
- **Regular updates** on our progress as we investigate and address the issue.
22+
- **Confidentiality** – we will not share your personal information without your permission, and we ask that you keep the vulnerability confidential until we have had the opportunity to address it.
23+
- **Credit** – we are happy to acknowledge your contribution once the vulnerability has been resolved, if you would like.
24+
25+
## Supported versions
26+
27+
We release security fixes for the latest stable version of Material for MkDocs until its end-of-life date on **November 5, 2025**. We encourage all users to stay up to date with the latest release to ensure they benefit from all security patches.
28+
29+
After **November 5, 2025**, Material for MkDocs will no longer receive public security updates as part of standard maintenance.
30+
31+
Organizations with longer support requirements are welcome to contact us at martin.donath@squidfunk.com to discuss potential extended support options.
32+
33+
## Scope
34+
35+
This policy applies to vulnerabilities in the Material for MkDocs codebase. If you discover a vulnerability in a third-party dependency, please report it to the maintainers of that project directly.
36+
37+
We take dependency security seriously. We are deliberate in our selection of third-party dependencies, and we actively monitor and update them to ensure Material for MkDocs remains on the latest stable versions. If you believe a dependency we use poses a security risk, feel free to bring it to our attention at martin.donath@squidfunk.com.

0 commit comments

Comments
 (0)