[logging-log4j1] branch security created (now 1ca611a6)

[pk...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a change to branch security
in repository https://gitbox.apache.org/repos/asf/logging-log4j1.git


      at 1ca611a6 Helps automatic detection of security policy

This branch includes the following new commits:

     new 1ca611a6 Helps automatic detection of security policy

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[logging-log4j1] 01/01: Helps automatic detection of security policy

[pk...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

pkarwasz pushed a commit to branch security
in repository https://gitbox.apache.org/repos/asf/logging-log4j1.git

commit 1ca611a68b71552550e1aa4db3cccbaa75929322
Author: Piotr P. Karwasz <pi...@karwasz.org>
AuthorDate: Tue Jan 3 19:46:07 2023 +0100

    Helps automatic detection of security policy
---
 SECURITY.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..aeec891a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Since Log4j 1.2 reached end of life in 2015 (cf.
+[announcement](http://blogs.apache.org/foundation/entry/apache_logging_services_project_announces)) **no** version of
+Log4j 1.2 is currently supported. Users are encouraged to migrate to [Apache
+Log4j2](https://logging.apache.org/log4j/2.x/manual/migration.html).
+
+## Past Vulnerabilities
+
+See [Apache Log4j 1.2 Security Vulnerabilities](https://logging.apache.org/log4j/1.2/).
+