From e8767f42b631618c78a321a259dd65fc0cc532ee Mon Sep 17 00:00:00 2001
From: Chris Lu <chrislusf@users.noreply.github.com>
Date: Fri, 17 Apr 2026 09:51:21 -0700
Subject: [PATCH] Add security policy for vulnerability reporting

---
 SECURITY.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..9437b564d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you find a security issue in SeaweedFS, please report it privately:
+
+- Email: support@seaweedfs.com  
+- Do not open a public GitHub issue
+
+Please include:
+- A clear description of the issue
+- Steps to reproduce (if possible)
+- Affected versions
+
+## Response
+
+- We will respond as soon as possible (usually within 1 business day)  
+- We will investigate and work on a fix  
+- We may coordinate disclosure with you
+
+## Notes
+
+- Please allow time for a fix before public disclosure  
+- If you’re unsure whether something is a security issue, feel free to reach out