From 036b83a6b336899a66bfa524f6db712d820aab29 Mon Sep 17 00:00:00 2001 From: kwwall Date: Thu, 30 May 2024 19:18:40 -0400 Subject: [PATCH] Added lead-in paragraph and updated 'Supported Versions' table. --- SECURITY.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 455c21fc6..df4e09bfa 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,11 +1,19 @@ # Security Policy +In general, because the ESAPI core development is so small (3 people, all +working full time jobs), we can only support the latest version of ESAPI. +If you are locked in to some previous version and are unable to upgrade +to the latest version, perhaps one or more of us might consider back-porting +a patch (especially if it is the only way to address an ESAPI vulnerability), +but if it is anything but trivial, we would charge a TBD consulting fee. + ## Supported Versions + | Version | Supported | | ------- | ------------------ | -| 2.5.1.0 (latest) | :white_check_mark: | -| 2.1.0.1-2.5.0.0 | :x:, upgrade to latest release | +| 2.5.4.0 (latest) | :white_check_mark: | +| 2.1.0.1-2.5.3.1 | :x:, upgrade to latest release | | <= 1.4.x | :x:, no longer supported AT ALL | ## Reporting a Vulnerability
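Review bot: In the added lead-in paragraph, "the ESAPI core development is so small (3 people, ...)" is missing its noun; "core development team" reads as intended. In the same paragraph, "we would charge a TBD consulting fee" gives a user locked in to an old release nothing to act on; say where such a back-port request should be sent, or leave the fee out until terms exist. In the table, the rows "2.1.0.1-2.5.3.1" and "<= 1.4.x" leave any version numbered between 1.4.x and 2.1.0.1 unclassified, and the hard-coded "2.5.4.0 (latest)" has to be edited on every release, as this change itself shows (2.5.1.0 to 2.5.4.0, 2.5.0.0 to 2.5.3.1). Rows worded as "latest release" and "all earlier 2.x releases" would close the gap and stop the table from going stale. The blank line added after "## Supported Versions" is fine but unrelated to the subject line; no change needed.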