From 91cf13dc313cd7fef6f86c4ba4df22a92a6bc3ca Mon Sep 17 00:00:00 2001
From: Justin Bertram <jbertram@apache.org>
Date: Wed, 20 May 2026 15:10:23 -0500
Subject: [PATCH] ARTEMIS-6073 add SECURITY.md

This replaces the default SECURITY.md provided by Apache. It adds some
Artemis-specific context relevant for anyone looking to submit a
security report.
---
 SECURITY.md | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000000..e1bf2b7b593
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,24 @@
+# Apache Artemis Security Policy
+
+Artemis is a project of the [Apache Software Foundation](https://apache.org) and follows the ASF [vulnerability handling process](https://apache.org/security/#vulnerability-handling).
+
+## Reporting a Vulnerability
+
+To report a new vulnerability you have discovered please follow the [ASF vulnerability reporting process](https://security.apache.org/report/).
+
+Be sure to check [Artemis' existing security advisories](https://artemis.apache.org/security-advisories) to ensure you're not reporting something that's already been resolved.
+
+## Supported Versions
+
+Security updates are provided for the following versions:
+
+| Version | Supported          |
+|---------|--------------------|
+| 2.x     | :white_check_mark: |
+| 1.x     | :x:                |
+
+We recommend always using the latest stable release to ensure you have the most recent security fixes.
+
+## Security Severity Rating system
+
+Apache Artemis uses [Apache's vulnerability severity rating system](https://security.apache.org/blog/severityrating/).