From cf42f615662a529311fb56209a38d6a93d83d6d9 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Fri, 24 Apr 2026 09:50:06 -0600
Subject: [PATCH] Typo fix in security policy

---
 .github/SECURITY.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index 2b72b95b6..52f997149 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -8,7 +8,7 @@ The Caddy project would like to make sure that it stays on top of all relevant a
 | Version     | Supported |
 | ----------- | ----------|
 | 2.latest    | ✔️        |
-| <= 2.latest | :x:       |
+| < 2.latest | :x:       |
 
 
 ## Acceptable Scope
@@ -25,6 +25,8 @@ Client-side exploits are out of scope. In other words, it is not a bug in Caddy
 
 Security bugs in code dependencies (including Go's standard library) are out of scope. Instead, if a dependency has patched a relevant security bug, please feel free to open a public issue or pull request to update that dependency in our code.
 
+Many reports are not security bugs and can be addressed by updating the documentation.
+
 We accept security reports and patches, but do not assign CVEs, for code that has not been released with a non-prerelease tag.