From bd74e7c9882ddd30ecf30c28a4ea2e1393d30a06 Mon Sep 17 00:00:00 2001 From: Damien Arrachequesne Date: Wed, 14 Dec 2022 07:42:42 +0100 Subject: [PATCH] chore: add security policy --- SECURITY.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..995eb076 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Security Policy + +## Supported Versions + +| Version | `socket.io` version | Supported | +|---------|---------------------|--------------------| +| 6.x | 4.x | :white_check_mark: | +| 4.x | 3.x | :white_check_mark: | +| 3.5.x | 2.4.x | :white_check_mark: | +| < 3.5.0 | < 2.4.0 | :x: | + +## Reporting a Vulnerability + +To report a security vulnerability in this package, please send an email to [@darrachequesne](https://github.com/darrachequesne) (see address in profile) describing the vulnerability and how to reproduce it. + +We will get back to you as soon as possible and publish a fix if necessary. + +:warning: IMPORTANT :warning: please do not create an issue in this repository, as attackers might take advantage of it. Thank you in advance for your responsible disclosure. + +## History + +- Jan 2022: [Uncaught exception in engine.io](https://github.com/socketio/engine.io/security/advisories/GHSA-273r-mgr4-v34f) (CVE-2022-21676) +- Nov 2022: [Uncaught exception in engine.io](https://github.com/socketio/engine.io/security/advisories/GHSA-r7qp-cfhv-p84w) (CVE-2022-41940)
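Review bot: the first column of the `Supported Versions` table is headed only `Version`, so the file never says which package's releases it lists; since both `History` entries link to advisories under `socketio/engine.io`, consider heading that column with the package name (e.g. `| engine.io version | socket.io version | Supported |`) so the mapping between the two version lines reads unambiguously. In `Reporting a Vulnerability`, the only contact is "see address in profile", which makes the reporting channel depend on a personal profile staying public and current; putting the address in the file itself, or pointing reporters at the repository's private vulnerability reporting, would give them a stable channel, and "as soon as possible" could be replaced by a concrete acknowledgement window so a reporter knows when to follow up before considering other disclosure routes.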