From 563a24c6731a55aea072f02c0ad217116ad53ab1 Mon Sep 17 00:00:00 2001
From: Vishal Kumar Singh <vishal.kr.singh2021@gmail.com>
Date: Sat, 16 May 2026 14:46:39 +0530
Subject: [PATCH] Add Supported Versions table to SECURITY.md

Add a table describing which release branches receive security patches, following the format used by OpenImageIO.

Fixes #2032

Signed-off-by: Vishal Kumar Singh <vishal.kr.singh2021@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
---
 SECURITY.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/SECURITY.md b/SECURITY.md
index a3f8990a4..55a0eccc9 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -12,6 +12,18 @@ Users should exercise caution when working with untrusted data (config files,
 LUTs, etc.). OCIO takes every precaution to read only valid data, but it 
 would be naive to say our code is immune to every exploit.
 
+## Supported Versions
+
+This gives guidance about which branches are supported with patches to 
+security vulnerabilities.
+
+| Version / branch  | Supported |
+| ----------------- | --------- |
+| main              | :white_check_mark: :construction: All fixes immediately, but this branch is under active development with a frequently changing API and ABI. |
+| 2.5.x (RB-2.5)    | :white_check_mark: All security fixes that can be backported without breaking ABI compatibility. |
+| 2.4.x (RB-2.4)    | :warning: Critical security fixes only. |
+| <= 2.3.x          | :x: No longer receiving patches. |
+
 ## Reporting Vulnerabilities
 
 Quickly resolving security related issues is a priority. The best way to report a