From bc524d70253a4ab2fe40c3ca3e5666e267c0a4d1 Mon Sep 17 00:00:00 2001
From: Lexi Winter <lexi@le-fay.org>
Date: Sun, 29 Jun 2025 19:25:29 +0100
Subject: import catch2 3.8.1

---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

(limited to 'SECURITY.md')

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..b66bf73
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+* Versions 1.x (branch Catch1.x) are no longer supported.
+* Versions 2.x (branch v2.x) are currently supported.
+* `devel` branch serves for stable-ish development and is supported,
+  but branches `devel-*` are considered short lived and are not supported separately.
+
+
+## Reporting a Vulnerability
+
+Due to its nature as a _unit_ test framework, Catch2 shouldn't interact
+with untrusted inputs and there shouldn't be many security vulnerabilities
+in it.
+
+However, if you find one you send email to martin <dot> horenovsky <at>
+gmail <dot> com. If you want to encrypt the email, my pgp key is
+`E29C 46F3 B8A7 5028 6079 3B7D ECC9 C20E 314B 2360`.
-- 
cgit v1.2.3