From 5647ed63a7781916a421f1ec94393463e681410b Mon Sep 17 00:00:00 2001 From: azabroflovski Date: Sun, 5 May 2024 05:33:45 +0500 Subject: [PATCH] chore: add security.md file --- SECURITY.md | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..1170a6b --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,11 @@ +# Reporting a Vulnerability + +To report a vulnerability, please [create issue](https://github.com/azabroflovski/tiny-dialogue/issues/new). + +While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions +of `tiny-dialogue` and its official companion libraries to ensure your application remains as secure as possible. + +Please note that we do not consider XSS via template expressions a valid attack vector, because +it can only happen if the user intentionally uses untrusted content as template compilation source. +This is similar to knowingly pasting untrusted scripts into a browser console. We explicitly warn users +against using untrusted content as template compilation source in our documentation.
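Review bot: the reporting line in the first added paragraph of SECURITY.md sends vulnerability reports to the public issue tracker (`https://github.com/azabroflovski/tiny-dialogue/issues/new`), so the details of an unfixed flaw become visible to everyone the moment they are filed. Point reporters at a private channel instead, such as GitHub's private vulnerability reporting or a maintainer contact address, and keep the public tracker for non-sensitive bugs. Two smaller points: "create issue" should read "create an issue", and the final paragraph says the documentation warns against using untrusted content as template compilation source but does not link to that warning; adding the link would let readers confirm the scope of the XSS exclusion.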