docs: add security policy #559

Closed
JasonXuDeveloper wants to merge 3 commits into master from docs/add-security-policy

@JasonXuDeveloper (Owner) commented Jan 25, 2026

Summary

  • Add SECURITY.md file to establish security policies for the project
  • Only JEngine 1.x versions are supported from 2026 onwards
  • Provides clear vulnerability reporting guidelines

What's Included

Supported Versions

| Version | Supported |
|---------|-----------|
| 1.x | Yes |
| < 1.0 | No |

Vulnerability Reporting

  • GitHub Security Advisories (preferred method)
  • Email to jason@xgamedev.net
  • Guidelines on what information to include
  • Expected response timelines

Security Best Practices

  • Encryption recommendations (AES/ChaCha20 for production)
  • Code signing guidance
  • Network security tips
  • Dependency security notes

Why This Matters

GitHub uses SECURITY.md to:

  • Display security policy in the repository's Security tab
  • Guide security researchers on proper disclosure
  • Show users which versions receive security updates

Test plan

  • Review SECURITY.md content for accuracy
  • Verify email address is correct
  • Check that Security tab shows the policy after merge

🤖 Generated with Claude Code

Add SECURITY.md with:
- Supported versions policy (only 1.x from 2026)
- Vulnerability reporting guidelines
- Security best practices for JEngine users
- Dependency security notes

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: JasonXuDeveloper - 傑 <jason@xgamedev.net>
Copilot AI review requested due to automatic review settings January 25, 2026 04:39
@JasonXuDeveloper JasonXuDeveloper enabled auto-merge (squash) January 25, 2026 04:40

Copilot AI left a comment

Pull request overview

This PR adds a comprehensive SECURITY.md file to establish security policies and reporting procedures for the JEngine project. The document provides clear guidelines for vulnerability disclosure, supported versions, and security best practices.

Changes:

  • Added SECURITY.md with supported version policy (1.x only)
  • Established vulnerability reporting procedures via GitHub Security Advisories and email
  • Documented security best practices for encryption, code signing, and network security

claude bot commented Jan 25, 2026

Code review

No issues found. Checked for bugs and CLAUDE.md compliance.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings January 25, 2026 04:43
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

Copilot AI left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.


| Date | Version | Security Changes |
|------|---------|------------------|
| January 2026 | 1.0.0+ | Initial security policy established |

Copilot AI Jan 25, 2026

The date entry "January 2026" is potentially problematic. The current date is January 25, 2026, so if this security policy is being established now, the date should be more specific (e.g., "January 25, 2026" or just "January 2026" is acceptable if intentionally kept vague). However, if version 1.0.0 was released in September 2025 (as stated in line 5), the security policy should reflect when it was actually established, not a future or approximate date.

Suggested change
| January 2026 | 1.0.0+ | Initial security policy established |
| September 2025 | 1.0.0+ | Initial security policy established |
