From c4dc7d0781b4307feab810fd765cc14fc2731f89 Mon Sep 17 00:00:00 2001 From: Chuck McAndrew <6248903+dcmcand@users.noreply.github.com> Date: Wed, 20 Mar 2024 20:48:49 -0400 Subject: [PATCH 1/3] Create SECURITY.md --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..b89ecfe58b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Security Policy + +## Supported Versions + +We support only the latest version, and we use [CalVer](https://calver.org/) for versioning. + +You should feel comfortable upgrading if you're using our documented public APIs and pay attention to `DeprecationWarnings`. Whenever there is a need to break compatibility, it is announced in the [Changelog](./CHANGELOG.md) and will raise a `DeprecationWarning` before it's finally really broken. + +## Reporting a Vulnerability + +If you think you found a vulnerability, please report it at [nebari/security](https://github.com/nebari-dev/nebari/security). From 72ff6f96d869d69020b3b699d943ca8bab25066f Mon Sep 17 00:00:00 2001 From: Chuck McAndrew <6248903+dcmcand@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:36:10 -0400 Subject: [PATCH 2/3] Update SECURITY.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Michał Krassowski <5832902+krassowski@users.noreply.github.com> --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index b89ecfe58b..0a637b1b67 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -4,7 +4,7 @@ We support only the latest version, and we use [CalVer](https://calver.org/) for versioning. -You should feel comfortable upgrading if you're using our documented public APIs and pay attention to `DeprecationWarnings`. Whenever there is a need to break compatibility, it is announced in the [Changelog](./CHANGELOG.md) and will raise a `DeprecationWarning` before it's finally really broken. +You should feel comfortable upgrading if you're using our documented public APIs and pay attention to `DeprecationWarnings`. Whenever there is a need to break compatibility, it is announced in the [Changelog](https://www.nebari.dev/docs/references/RELEASE) and will raise a `DeprecationWarning` before it's finally really broken. ## Reporting a Vulnerability From 811806a2fb3205fe1e575e0fd6128d57a47a92a7 Mon Sep 17 00:00:00 2001 From: Chuck McAndrew <6248903+dcmcand@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:42:40 -0400 Subject: [PATCH 3/3] update security.md --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 0a637b1b67..76f80ef924 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,4 +8,4 @@ You should feel comfortable upgrading if you're using our documented public APIs ## Reporting a Vulnerability -If you think you found a vulnerability, please report it at [nebari/security](https://github.com/nebari-dev/nebari/security). +If you think you found a vulnerability, please report it at [nebari/security](https://github.com/nebari-dev/nebari/security/new). Please do not report security vulnerabilities on our public issue tracker. Exposing vulnerabilities publicly without giving maintainers a chance to release a fix puts users at risk.
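Review bot: In PATCH 1/3, the "Supported Versions" paragraph asks users to pay attention to `DeprecationWarnings`, which has two problems. The plural inside code formatting names an identifier that does not exist; the Python category is `DeprecationWarning`, as the same paragraph writes it one sentence later. More importantly, Python ignores `DeprecationWarning` by default unless it is triggered by code running in `__main__`, so a user who follows this advice without changing their warning filters may never see the notice the policy relies on. Suggest writing the term consistently and adding one sentence on how to surface the warnings, for example by running with `-W default`.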
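Review bot: In PATCH 3/3, the added line under "Reporting a Vulnerability" tells reporters where to send a report and where not to, but not what to include or when to expect an acknowledgement, so a reporter has no way to tell a queued report from a lost one. Suggest adding a short list of requested details (affected version, reproduction steps, impact) and a stated response window. Also confirm that the new target `https://github.com/nebari-dev/nebari/security/new` opens the private report form: GitHub's private vulnerability reporting form normally lives under `/security/advisories/new`, and the link text still reads `nebari/security` although it no longer points at that page.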