diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 00000000..7e5862bd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,26 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---|---|
+| Latest | Yes |
+| Older | No |
+
+Only the latest version receives security updates. Please update to the latest release.
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do not** open a public issue
+2. Email: **mauriceboe@icloud.com**
+3. Include a description of the vulnerability and steps to reproduce
+
+You will receive a response within 48 hours. Once confirmed, a fix will be released as soon as possible.
+
+## Scope
+
+This policy covers the NOMAD application and its Docker image (`mauriceboe/nomad`).
+
+Third-party dependencies are monitored via GitHub Dependabot.
diff --git a/server/package.json b/server/package.json
index 235c0597..98179908 100644
--- a/server/package.json
+++ b/server/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nomad-server",
-  "version": "2.2.7",
+  "version": "2.2.8",
   "main": "src/index.js",
   "scripts": {
     "start": "node --experimental-sqlite src/index.js",