From 66b32a697cf564cf8d64c4c3e488a8623bca8cdc Mon Sep 17 00:00:00 2001
From: Michael Fridman <mf192@icloud.com>
Date: Thu, 24 Feb 2022 20:15:24 -0500
Subject: [PATCH 1/2] Create SECURITY.md

---
 SECURITY.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..d60db231
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+As of February 2022 (and until this document is updated), the latest version `v4` is supported.
+
+## Reporting a Vulnerability
+
+If you think you found a vulnerability, and even if you are not sure, please report it to [@mfridman](http://github.com/mfridman) or one of the other [golang-jwt maintainers](https://github.com/orgs/golang-jwt/people). Please try be explicit, describe steps to reproduce the security issue with code example(s).
+
+You will receive a response within a timely manner. If the issue is confirmed, we will do our best to release a patch as soon as possible given the complexity of the problem.
+
+## Public Discussions
+
+Please avoid publicly discussing a potential security vulnerability.
+
+Let's take this offile and find a solution first, this limits the potential impact as much as possible.
+
+We appreciate your help!

From 00ca8e8df193d9372469fe8fbe8e502afecbed66 Mon Sep 17 00:00:00 2001
From: Christian Banse <oxisto@aybaze.com>
Date: Thu, 17 Mar 2022 00:57:02 +0100
Subject: [PATCH 2/2] Update SECURITY.md

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
---
 SECURITY.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/SECURITY.md b/SECURITY.md
index d60db231..d937b12a 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -14,6 +14,6 @@ You will receive a response within a timely manner. If the issue is confirmed, w
 
 Please avoid publicly discussing a potential security vulnerability.
 
-Let's take this offile and find a solution first, this limits the potential impact as much as possible.
+Let's take this offline and find a solution first, this limits the potential impact as much as possible.
 
 We appreciate your help!