From 64ed4710b9282d4547ee62883e3f496f2de31fb0 Mon Sep 17 00:00:00 2001 From: Jeffrey 'Alex' Clark Date: Thu, 9 Apr 2026 16:59:41 -0400 Subject: [PATCH] Fix version support matrix to reflect main-only security policy Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/INCIDENT_RESPONSE.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/INCIDENT_RESPONSE.md b/.github/INCIDENT_RESPONSE.md index 6fdbfff2e..921dfedd8 100644 --- a/.github/INCIDENT_RESPONSE.md +++ b/.github/INCIDENT_RESPONSE.md @@ -12,17 +12,18 @@ Maintaining readiness before an incident occurs reduces response time and errors ### 1.1 Version Support Matrix -Only the following branches receive security fixes. Reporters should verify their affected -version before filing; maintainers should cherry-pick fixes only to supported branches. +Security fixes are applied to the **latest stable release only**. Users on older versions +are expected to upgrade. This is consistent with Pillow's quarterly release cadence and +is not currently documented elsewhere — reporters should assume only the latest release +will receive a patch. -| Branch | Status | Notes | -|---|---|---| -| `main` | ✅ Active development | Always patched | -| Latest stable (e.g. `11.x`) | ✅ Security fixes | Current quarterly release series | -| Previous stable (e.g. `10.x`) | ⚠️ Critical only | One release series back; Critical CVEs only | -| Older branches | ❌ End of life | No security support; users must upgrade | +| Branch | Status | +|---|---| +| `main` / latest stable | ✅ Security fixes applied | +| All older releases | ❌ No security support — please upgrade | -> Update this table with each quarterly release. +> If backport support for older releases is ever added, update this table and document it +> in [SECURITY.md](SECURITY.md). ### 1.2 Team Readiness
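Review bot: The new table row "`main` / latest stable" treats the development branch and the released version as one support target, and the commit subject says "main-only" while the rewritten paragraph says "latest stable release only", so the policy is stated three different ways. Suggest picking one wording and saying how a fix reaches users: whether a fix landed on `main` ships in a point release of the current stable series or waits for the next quarterly release. The removed sentence told maintainers to cherry-pick fixes only to supported branches and nothing replaces it, so that step of the response process is now undefined; the reporter guidance to verify the affected version before filing is dropped as well. The paragraph also says the policy "is not currently documented elsewhere" while the closing note sends future backport changes to SECURITY.md; since that is where reporters look first, consider stating the current policy there in the same change and dropping the clause here. Finally, check that the relative link `[SECURITY.md](SECURITY.md)` resolves from `.github/`, where this file lives.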