Update security policy

Author: hayat01sh1da

SECURITY.md

@@ -2,19 +2,29 @@
 
 ## Supported Versions
 
-The following versions are currently supported with security updates:
+- Templates generated from the latest `master` commit are supported.
+- Older yearly/monthly templates are static snapshots and are not updated once
+	published.
 
-| Version | Supported          |
-| ------- | ------------------ |
-| 5.1.x   | :white_check_mark: |
-| 5.0.x   | :x:                |
-| 4.0.x   | :white_check_mark: |
-| < 4.0   | :x:                |
+## Ecosystem & Compatibility
 
-## Reporting a Vulnerability
+| Component            | Version(s) / Tooling            | Notes |
+| -------------------- | ------------------------------ | ----- |
+| OS baseline          | WSL (Ubuntu 24.04.3 LTS)       | Matches the README instructions. |
+| Ruby generators      | Ruby 4.0.1 (`.ruby-version`)   | Uses Ruby stdlib; add gems per script if needed. |
+| Python generators    | CPython 3.14.2 (`.python-version`) | Uses Python stdlib; add `requirements.txt` if introducing third-party libs. |
+
+## Backward Compatibility
 
-Use this section to tell people how to report a vulnerability.
+- Generated template formats stay consistent within a calendar year. If we
+	alter a file structure or naming convention, the change log will highlight
+	required migrations.
+- Scripts rely on Ruby 4.0.x / Python 3.14.x; earlier interpreter versions are
+	unsupported and will not get fixes.
+
+## Reporting a Vulnerability
 
-Tell them where to go, how often they can expect to get an update on a
-reported vulnerability, what to expect if the vulnerability is accepted or
-declined, etc.
+Report issues privately through GitHub’s **Security → Report a vulnerability**
+workflow or by emailing `security@project.org` with reproduction steps (e.g.,
+input prompts, generated filenames). Expect acknowledgement within **3 business
+days** and updates at least every **7 business days**.