From: Sarah Hoffmann <lonvia@denofr.de>
Date: Wed, 22 Feb 2023 10:24:04 +0000 (+0100)
Subject: add latest security incident
X-Git-Tag: v4.3.0~93
X-Git-Url: https://git.openstreetmap.org./nominatim.git/commitdiff_plain/8191c747b964530f67b064b43954e13a5b1a0791

add latest security incident

Also removes 3.6 which is no longer supported.
---

diff --git a/SECURITY.md b/SECURITY.md
index e8e6fcad..d023c1e5 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -13,7 +13,6 @@ versions.
 | 4.1.x   | 2024-08-05                          |
 | 4.0.x   | 2023-11-02                          |
 | 3.7.x   | 2023-04-05                          |
-| 3.6.x   | 2022-12-12                          |
 
 ## Reporting a Vulnerability
 
@@ -38,3 +37,4 @@ incident. Announcements will also be published at the
 ## List of Previous Incidents
 
 * 2020-05-04 - [SQL injection issue on /details endpoint](https://lists.openstreetmap.org/pipermail/geocoding/2020-May/002012.html)
+* 2023-02-21 - [cross-site scripting vulnerability](https://nominatim.org/2023/02/21/release-421.html)