docs: release v0.1.4 preparation (changelog, security, readme)

fabriziosalmi · fabriziosalmi · commit 5c5f32741ce0 · 2025-12-06T23:13:17.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -0,0 +1,30 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [v0.1.4] - 2025-12-06
+
+### Security
+- Fixed Panic vulnerability in `quic-go` by upgrading to `v0.54.0` (requires Caddy v2.10.x and Go 1.25).
+- Addressed Dependabot Alert #7.
+
+### Changed
+- Upgraded Caddy dependency to `v2.10.2`.
+- Upgraded Go requirement to `1.25`.
+- Improved CI workflows to use Go 1.25 for build and release.
+
+## [v0.1.3] - 2025-12-06
+### Fixed
+- Downgraded `quic-go` to `v0.48.2` and Caddy to `v2.9.1` to temporarily resolve Go version conflicts (superseded by v0.1.4).
+- Fixed import grouping for `gci` linter compliance.
+- Fixed GitHub Actions release workflow.
+
+## [v0.1.2] - 2025-12-06
+### Added
+- SOTA Engineering patterns (Zero-Copy headers, Wait-Free Ring Buffer, Circuit Breaker).
+- ASN Blocking support.
+- Configurable Request Body size limit.
+- GeoIP Fail Open configuration.
diff --git a/README.md b/README.md
@@ -62,6 +62,12 @@ curl -fsSL -H "Pragma: no-cache" https://raw.githubusercontent.com/fabriziosalmi
 
 ## 🚀 Installation
 
+### Prerequisites
+
+- [Go](https://golang.org/dl/) **1.25** or higher
+- [Caddy](https://caddyserver.com/docs/install) **v2.10.x** or higher (for building with this plugin)
+- [xcaddy](https://github.com/caddyserver/xcaddy) (for building Caddy with plugins)
+
 ```bash
 # Step 1: Clone the caddy-waf repository from GitHub
 git clone https://github.com/fabriziosalmi/caddy-waf.git
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,12 +4,35 @@
 
 | Version | Supported          |
 | ------- | ------------------ |
-| current  | :white_check_mark: |
-
+| v0.1.x  | :white_check_mark: |
+| < 0.1.0 | :x:                |
 
 ## Reporting a Vulnerability
 
-There is automated security code scanning in place provided by GitHub. 
+We take the security of `caddy-waf` seriously. If you find a vulnerability, please report it!
+
+### How to Report
+
+Please do **NOT** open a public issue on GitHub. Instead, report the vulnerability via:
+
+1.  **Email**: Send the details to the maintainer (fabrizio.salmi@gmail.com).
+2.  **GitHub Private Advisory**: Open a private advisory draft on this repository if you have permissions, or contact the maintainer to enable it.
+
+### Required Information
+
+When reporting a vulnerability, please include:
+
+-   A description of the vulnerability.
+-   Steps to reproduce the issue (PoC code is helpful).
+-   Impact of the vulnerability.
+-   Affected versions.
+
+### Response Timeline
+
+-   We will acknowledge your report within 48 hours.
+-   We will provide an estimated timeline for the fix within 1 week.
+-   We will release a patch as soon as possible.
 
-Please open an issue to report a vulnerability.
+### Credit
 
+We will credit you in the release notes and changelog for responsibly disclosing vulnerabilities, unless you prefer to remain anonymous.
