From 7b04fb63a7a7e94caf615da5838e297983c0b8b7 Mon Sep 17 00:00:00 2001
From: Dave Cramer <davecramer@gmail.com>
Date: Wed, 9 Feb 2022 08:53:27 -0500
Subject: [PATCH] Update SECURITY.md

---
 SECURITY.md | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index f05f9ea502..2bdb3b41a2 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,15 +1,21 @@
 # Security Policy
 
-## Supported Versions
-
-Use this section to tell people about which versions of your project are
-currently being supported with security updates.
+1) We value backward compatibility, so we expect that upgrading pgjdbc versions should not involve code changes nor it should it require configuration changes.
+2) In the event that you are unable to upgrade, you might expect or ask for security fixes for the past versions as well. However, please raise the reason you unable to upgrade in the mailing list or in the issues
 
 | Version  | Supported          |
 | -------- | ------------------ |
-| 42.2.x   | :white_check_mark: |
-| 42.3.x   | :white_check_mark: |
-| < 42.2.x | :x:                |
+| 42.3.x   | security fixes, features, bug fixes |
+| 42.2.x   | (the latest branch that supports Java 6, and 7): security fixes, critical bug fixes only. |
+| < 42.2.x | security fixes (upon request) |
+
+The intention is to separate «we are eager fixing bugs» from «we can roll security releases».
+It would not be impossible for us to roll security fixes even for 9.4 versions if necessary.
+
+## Reporting a Vulnerability
+
+Please send reports of security issues to pgsql-jdbc-security@lists.postgresql.org
+
 
 ## Reporting a Vulnerability