I would like to suggest that we fill a very basic document that shows on Github as our security policy. Below my proposal for a SECURITY.md :
=================================================================== # Security Policy ## Supported Versions Currently the only supported version is the latest patch release of the 2.4.x stable branch. ## Security Updates [Apache 2.4 Security Vulnerabilities](http://httpd.apache.org/security/vulnerabilities_24.html) ## Reporting a Vulnerability For information on how to report a new security problem please see [here](http://httpd.apache.org/security_report.html) ========================================================================================= Any objections? Regards RĂ¼diger
