[ticket/17478] Add security policy file

PHPBB-17478

SECURITY.md

@@ -0,0 +1,24 @@
+# Security Policy
+
+## Supported Versions
+
+Only phpBB 3.3 is currently supported. The table below lists provides an overview of phpBB versions and their current support state:
+
+| Version | Supported          | Comment                                                                                            |
+|---------|--------------------|----------------------------------------------------------------------------------------------------|
+| 4.0.x   | :x:                | Not released yet, still in development                                                             |
+| 3.3.x   | :white_check_mark: | Current stable release                                                                             |
+| 3.2.x   | :x:                | [End of Life (EoL) in Nov 2020](https://www.phpbb.com/community/viewtopic.php?t=2573411)           |
+| 3.1.x   | :x:                | [End of Life (EoL) in December 2017](https://www.phpbb.com/community/viewtopic.php?t=2453376)      |
+| 3.0.x   | :x:                | [End of Life (EoL) in November 2015](https://www.phpbb.com/community/viewtopic.php?f=14&t=2302466) |
+| < 3.0   | :x:                | [End of Life (EoL) in October 2008](https://www.phpbb.com/community/viewtopic.php?t=900655)        |
+
+## Reporting a Vulnerability
+
+There are multiple ways a potential security vulnerability can be reported:
+
+- HackerOne: [phpBB | Vulnerability Disclosure Program | HackerOne](https://hackerone.com/phpbb)
+- Send an email: [security@phpbb.com](mailto:security@phpbb.com)
+- Create a report in the security tracker: [Security Tracker](https://www.phpbb.com/security/)
+
+Please provide as much detail as possible when reporting a vulnerability. You can expect to receive an update on your report within a few days. If the vulnerability is accepted, we will work on a fix and keep you informed of the progress. If the vulnerability is declined, we will provide an explanation.