Red-DiscordBot/SECURITY.md

# Security Policy

## Supported Versions

The table below explains the current state of our versions. Currently, only version
3.5 and higher are supported and receive security updates. Versions lower than 3.5
are considered End of Life and will not receive any security updates.

| Version       | Branch     | Security Updates   | End of Life        |
|---------------|------------|--------------------|--------------------|
| < 2.0         | master     | :x:                | :white_check_mark: |
| >= 2.0, < 3.0 | develop    | :x:                | :white_check_mark: |
| >= 3.0, < 3.5 | V3/develop | :x:                | :white_check_mark: |
| >= 3.5        | V3/develop | :white_check_mark: | :x:                |


## Reporting a Vulnerability

For reporting vulnerabilities within Red-DiscordBot we make use of GitHub's
private vulnerability reporting feature (More information can be found
[here](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability)).
This ensures that all maintainers and key members have access to the reported
vulnerability.

### Opening a Vulnerability Report

To open a vulnerability report please fill out [this form](https://github.com/Cog-Creators/Red-DiscordBot/security/advisories/new)

You will be asked to provide a summary, details and proof of concept for your vulnerability report.
We ask that you fill out this form to the best of your ability, with as many details as possible.
Furthermore, you'll be asked to provide affected products and severity.
These fields are optional and will be filled appropriately by the maintainers if not provided.

### Timeline

We will try to answer your report within 7 days. If you haven't received an answer by then, we suggest you reach
out to us privately. This can best be done via our [Discord server](https://discord.gg/red), and contacting
a member who has the Staff role.