From 22a76560909fa72eef7588321be280e162f63b6b Mon Sep 17 00:00:00 2001 From: Dany Castillo <31006608+dcastil@users.noreply.github.com> Date: Thu, 27 Jun 2024 21:20:58 +0200 Subject: [PATCH 1/2] Create SECURITY.md --- .github/SECURITY.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/SECURITY.md diff --git a/.github/SECURITY.md b/.github/SECURITY.md new file mode 100644 index 0000000..7522680 --- /dev/null +++ b/.github/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +Security updates are available for the two latest major versions. + +In the event of a security vulnerability in tailwind-merge, a patch release with a fix will be made to all affected latest major versions. I.e. if the two latest major versions of tailwind-merge would be `v9.3.4` and `v8.10.0` and a security vulnerability would get discovered which affected all versions from `v6.0.0` to `v9.3.4`, then at least the releases `v9.3.5` and `v8.10.1` would be made to fix the security vulnerability. + +## Reporting a Vulnerability + +Please report vulnerabilities privately via GitHub at https://github.com/dcastil/tailwind-merge/security. + +You can expect an answer from me within 24 hours most of the time. However, if I'm travelling and don't have good reception, it could take up to a few days. Usually I set my GitHub status to busy when I expect to be unresponsive for more than a day. From 066db3b189eaac8820c8c6f01fd5be21578778e9 Mon Sep 17 00:00:00 2001 From: Dany Castillo <31006608+dcastil@users.noreply.github.com> Date: Thu, 27 Jun 2024 21:29:55 +0200 Subject: [PATCH 2/2] Add backup email to security policy --- .github/SECURITY.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 7522680..aaabec4 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md 
@@ -10,4 +10,6 @@ In the event of a security vulnerability in tailwind-merge, a patch release with Please report vulnerabilities privately via GitHub at https://github.com/dcastil/tailwind-merge/security. +In case it is not possible to report a vulnerability via GitHub, you can send me an email to metro_comical_03@icloud.com. However, I might change or disable this email address at any time depending on how much spam I get through it. + You can expect an answer from me within 24 hours most of the time. However, if I'm travelling and don't have good reception, it could take up to a few days. Usually I set my GitHub status to busy when I expect to be unresponsive for more than a day.
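Review bot: In PATCH 1/2, under Supported Versions, "a patch release with a fix will be made to all affected latest major versions" can be read as covering every affected major, while the sentence before it and the example limit fixes to the two latest majors. Wording it as "to each of the two latest major versions that is affected" would remove the ambiguity. The example's "at least the releases" also leaves open whether older affected majors (v6 and v7 in the example) would get a fix; stating that outright tells users on those versions whether they need to upgrade. Under Reporting a Vulnerability, the link goes to the repository's security page without saying what a report should contain; a short list (affected version, reproduction, expected impact) would cut down on back-and-forth.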
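Review bot: In PATCH 2/2, the added email paragraph says the address may be changed or disabled at any time, but gives a reporter no way to tell that this has happened and no next step if the message bounces or goes unanswered. Suggest committing to update SECURITY.md in the same change whenever the address is rotated or removed, and saying whether the response time in the paragraph that follows also applies to email. The paragraph above asks for reports to be made privately via GitHub, while the email paragraph does not say how much detail to put in a message; consider asking reporters to send a request for contact first and share the details once a channel is agreed.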