docs: update SECURITY example

The existing example should be easy enough to understand, but it's also easy enough to update for the current major releases for maximum clarity.
2024-04-18 13:43:27 -04:00 · 2024-04-18 13:43:27 -04:00 · 1f5146cdfa
parent 5ea02ed56f
commit 1f5146cdfa
1 changed files with 9 additions and 2 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -5,13 +5,20 @@
 Security fixes will be backported only to the rustls versions for which the
 original semver-compatible release was published less than 2 years ago.

-For example, as of 2023-06-13 the latest release is 0.21.1.
+For example, as of 2024-04-18 the latest release is 0.23.4.

+* 0.23.0 was released in February of 2024
+* 0.22.0 was released in December of 2023
 * 0.21.0 was released in March of 2023
 * 0.20.0 was released in September of 2021
 * 0.19.0 was released in November of 2020

-Therefore 0.20.x and 0.21.x will be updated, while 0.19.x will not be.
+Therefore 0.23.x, 0.22.x and 0.21.x will be updated, while 0.20.x and 0.19.x
+will not be.
+
+_Note: We use the date of `crates.io` publication when evaluating the security
+policy. For example, while the Rustls 0.20.0 GitHub release note was created
+Jul, 2023 the actual release in `crates.io` was published in Sept. 2021._

 ## Reporting a Vulnerability