diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..07a31d550 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,23 @@ +# Insecurity + +At the time this was written, No public version can correctly process requests headers, whether behind a proxy or not, rendering any access restrictions based on reading headers worthless. + +**Stop running the software, or atleast remove public access.** + +## No Support + +You are looking at my one-off fork. Its not supported *at all*. + +| Version | Status | +| ------- | ------------------ | +| (this fork) | ❗ still additional SECURITY PROBLEMS ❗ | +| 22.0.0 | (no release date set) | +| 21.2.0 | ❗ KNOWN SECURITY PROBLEMS ❗ | +| 20.0.0 | ❗ KNOWN SECURITY PROBLEMS ❗ | +| < 20.0 | ❗ KNOWN SECURITY PROBLEMS ❗ | + +## Reporting a Vulnerability + +See what the upstream maintainer [Benoit Chesneau](https://github.com/benoitc) suggests, likely in the [repository section titled SECURITY](https://github.com/benoitc/gunicorn/security). + +If you found new HTTP parser flaws, consider dropping a note to [Ben Kallus](https://github.com/kenballus).
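Review bot: The version table gives 22.0.0 a release note, "(no release date set)", where every other row carries a security status, so a reader cannot tell whether the unreleased 22.0.0 is believed to fix the request-header parsing problem described at the top of the file; state its status explicitly (for example "unreleased, fix status unknown") or drop the row, and likewise say what the "(this fork)" row's "still additional SECURITY PROBLEMS" refers to, since the text above it only describes the upstream header issue. The opening claim that "No public version can correctly process requests headers" would also benefit from a link to the upstream advisory or issue it summarises, so the reader has something beyond this file to verify it against. Minor wording fixes in the same hunk: "atleast" should be "at least", "Its not supported" should be "It's not supported", "requests headers" should be "request headers", and "No public version" mid-sentence should be lowercase "no public version".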