From bea446d892c0a733cd299bb56db54a237e11159f Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Tue, 8 Oct 2024 14:25:05 +0200
Subject: [PATCH] Update security policy for 4.1 branch (#32302)

---
 SECURITY.md | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index b14dc45bf7..43ab4454c4 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,8 +1,11 @@
 # Security Policy
 
-If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at <security@joinmastodon.org>.
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:
 
-You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+- open a [GitHub security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
+- reach us at <security@joinmastodon.org>
+
+You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
 
 ## Scope
 
@@ -12,6 +15,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through
 
 | Version | Supported        |
 | ------- | ---------------- |
+| 4.3.x   | Yes              |
 | 4.2.x   | Yes              |
-| 4.1.x   | Yes              |
+| 4.1.x   | Until 2025-04-08 |
 | < 4.1   | No               |