diff --git a/content/en/docs/v4.1/21-security/01-security-policy.adoc b/content/en/docs/v4.1/21-security/01-security-policy.adoc new file mode 100644 index 000000000..19ff18a4e --- /dev/null +++ b/content/en/docs/v4.1/21-security/01-security-policy.adoc 
@@ -0,0 +1,77 @@ +--- +title: "Security Policy" +keywords: "Kubernetes, KubeSphere, Security Policy" +description: "KubeSphere security policy." +weight: 01 +--- + +== Supported Versions + +We follow an **End-of-Life (EOL)** policy to provide security and bug fix support for KubeSphere versions. + +We regularly release patch versions to address security vulnerabilities and critical bugs for supported KubeSphere +releases. The support period for each version is determined by its **EOL date**, rather than by a fixed number of minor +versions. + +The current support plan is as follows: + +[%header,cols="1a,1a"] +|=== +| KubeSphere Version | End of Life (EOL) Date + +| **KubeSphere v4.2** | To be determined +| **KubeSphere v4.1** | Sep 12, 2027 +| **KubeSphere v3.4** | Dec 25, 2025 +| **KubeSphere v3.3 & earlier** | Oct 31, 2025 +|=== + + +Once a version reaches its EOL date, it will no longer receive official security updates or bug fixes. Older versions +may receive **critical security fixes on a best-effort basis**, but we cannot guarantee that all security patches will +be backported to unsupported versions. + +In rare cases, where a security fix requires significant architectural changes or is otherwise highly intrusive, and a +feasible workaround exists, we may choose to **apply the fix only in a future release**, rather than backporting it to a +patch version for currently supported releases. + +For long-term stability, we recommend users plan their upgrades according to the EOL schedule. + +Let me know if you'd like any refinements! + +== Reporting a Vulnerability + +=== Security Vulnerability Disclosure and Response Process + +To ensure KubeSphere security, a security vulnerability disclosure and response process is adopted. And the security team is set up in KubeSphere community, also any issue and PR is welcome for every contributors. + +The primary goal of this process is to reduce the total exposure time of users to publicly known vulnerabilities. 
To quickly fix vulnerabilities of KubeSphere, the security team is responsible for the entire vulnerability management process, including internal communication and external disclosure. + +If you find a vulnerability or encounter a security incident involving vulnerabilities of KubeSphere, please report it as soon as possible to the KubeSphere security team (security@kubesphere.io). + +Please kindly help provide as much vulnerability information as possible in the following format: + +- Issue title(Please add 'Security' lable)+++*+++: + +- Overview+++*+++: + +- Affected components and version number+++*+++: + +- CVE number (if any): + +- Vulnerability verification process+++*+++: + +- Contact information+++*+++: + +The asterisk (*) indicates the required field. + +=== Response Time + +The KubeSphere security team will confirm the vulnerabilities and contact you within 2 working days after your submission. + +We will publicly thank you after fixing the security vulnerability. To avoid negative impact, please keep the vulnerability confidential until we fix it. + +We would appreciate it if you could obey the following code of conduct: + +- The vulnerability will not be disclosed until KubeSphere releases a patch for it. + +- The details of the vulnerability, for example, exploits code, will not be disclosed. \ No newline at end of file diff --git a/content/en/docs/v4.1/21-security/_index.adoc b/content/en/docs/v4.1/21-security/_index.adoc new file mode 100644 index 000000000..ff449efee --- /dev/null +++ b/content/en/docs/v4.1/21-security/_index.adoc @@ -0,0 +1,6 @@ +--- +title: "Security" +weight: 21 +layout: "second" +icon: "/images/docs/v3.x/docs.svg" +--- \ No newline at end of file diff --git a/content/zh/docs/v4.1/21-security/01-security-policy.adoc b/content/zh/docs/v4.1/21-security/01-security-policy.adoc new file mode 100644 index 000000000..d46984372 --- /dev/null +++ b/content/zh/docs/v4.1/21-security/01-security-policy.adoc 
@@ -0,0 +1,70 @@ +--- +title: "安全策略" +keywords: "Kubernetes, KubeSphere, 安全策略" +description: "介绍 KubeSphere 安全策略。" +weight: 05 +--- + +== 支持的版本 + +我方遵循**生命周期结束(EOL)** 政策,为 KubeSphere 各版本提供安全补丁和错误修复支持。 + +我们会定期发布补丁版本,以解决所支持 KubeSphere 版本中的安全漏洞和重要错误。每个版本的支持期限由其 **EOL 日期**决定,而不是基于支持的次要版本数量。 + +当前支持计划如下: + +[%header,cols="1a,4a"] +|=== +| KubeSphere 版本 | 生命周期结束 (EOL) 日期 + +| **KubeSphere v4.2** | 待定 +| **KubeSphere v4.1** | 2027 年 9 月 12 日 +| **KubeSphere v3.4** | 2025 年 12 月 25 日 +| **KubeSphere v3.3 及更早版本** | 2025 年 10 月 31 日 +|=== + +一旦版本达到其 EOL 日期,它将不再收到官方的安全更新或错误修复。我们可能会**在能力范围内**为较旧版本提供关键安全修复,但无法保证所有安全补丁都会回溯到不受支持的版本。 + +在极少数情况下,如果安全修复需要进行重大的架构更改或其他高度侵入性的修改,并且存在可行的替代方案,我们可能会选择**仅在未来的版本中实施修复**,而不是回溯到当前受支持版本的补丁中。 + +为了长期稳定性,建议用户根据 EOL 时间表规划升级 KubeSphere。 + +如有任何改进建议,请告知! + +== 报告漏洞 + +=== 安全漏洞披露与响应流程 + +为确保 KubeSphere 的安全性,我们建立了安全漏洞披露与响应流程,并在 KubeSphere 社区中设立了专门的安全团队,同时欢迎所有贡献者提交问题和 PR。 + +该流程的主要目标是缩短用户暴露于公开已知漏洞的时间。安全团队负责漏洞管理的全流程,包括内部沟通和外部披露,以确保 KubeSphere 的漏洞能够被快速修复。 + +如果您发现漏洞或遇到与 KubeSphere 有关的安全事件,请立即联系 KubeSphere 安全团队(security@kubesphere.io)。 + +请尽可能按照以下格式提供漏洞信息: + +- 问题标题(请添加 'Security' 标签)+++*+++: + +- 概述+++*+++: + +- 受影响的组件及版本号+++*+++: + +- CVE 编号(如有): + +- 漏洞验证过程+++*+++: + +- 联系方式+++*+++: + +带星号(*)的字段为必填项。 + +=== 响应时间 + +KubeSphere 安全团队将在您提交漏洞后的 2 个工作日内确认并联系您。 + +在漏洞修复完成后,我们将公开致谢。为避免潜在负面影响,请在修复完成前对漏洞信息严格保密。 + +我们希望您能遵守以下行为准则: + +- 在 KubeSphere 发布补丁之前,请勿对外披露该漏洞。 + +- 请勿公开漏洞的详细信息(例如漏洞利用代码)。 \ No newline at end of file diff --git a/content/zh/docs/v4.1/21-security/_index.adoc b/content/zh/docs/v4.1/21-security/_index.adoc new file mode 100644 index 000000000..66e932d9b --- /dev/null +++ b/content/zh/docs/v4.1/21-security/_index.adoc @@ -0,0 +1,6 @@ +--- +title: "安全说明" +weight: 21 +layout: "second" +icon: "/images/docs/v3.x/docs.svg" +--- \ No newline at end of file
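Review bot: the line `+Let me know if you'd like any refinements!` at the end of the Supported Versions section in content/en/docs/v4.1/21-security/01-security-policy.adoc is a leftover from a drafting assistant and must be deleted before merge (the zh file carries the same stray line, `如有任何改进建议,请告知!`). In the same hunk the report template asks for an `Issue title(Please add 'Security' lable)` while the surrounding text tells reporters to mail security@kubesphere.io and to keep the vulnerability confidential until a patch ships; filing a labelled GitHub issue would disclose it publicly, so either drop the label instruction or state that this is the subject line of the e-mail, and fix the typo `lable` to `label`. Because the template also requires the `Vulnerability verification process`, which is effectively reproduction steps or a PoC, the page should say how to send that confidentially (for example a published PGP key for security@kubesphere.io, or a private reporting channel) rather than implying plaintext e-mail is the only route. Minor grammar in the disclosure paragraph: `also any issue and PR is welcome for every contributors` reads better as `and issues and PRs are welcome from every contributor`, and `Please kindly help provide` as `Please provide`.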
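Review bot: the front matter `icon: "/images/docs/v3.x/docs.svg"` in content/en/docs/v4.1/21-security/_index.adoc points at a v3.x asset path from inside the v4.1 tree; confirm that path is still served for the v4.1 site (and that other v4.1 `_index.adoc` files use the same convention) or switch it to a v4.1 asset. `weight: 21` matches the `21-security` directory name, which is consistent with the rest of the tree.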
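Review bot: the zh and en copies of 01-security-policy.adoc diverge in ways that look accidental: the zh front matter has `weight: 05` while the en file has `weight: 01`, and the zh table is declared `[%header,cols="1a,4a"]` while the en table uses `cols="1a,1a"`, so the two pages will sort and render differently; align both with whichever is intended. The stray drafting line `如有任何改进建议,请告知!` ("Let me know if you have any suggestions for improvement!") after the upgrade recommendation must be removed. The same confidentiality concern applies to `问题标题(请添加 'Security' 标签)` ("Issue title (please add the 'Security' label)"): a labelled public issue contradicts the request two sections later to keep the vulnerability secret until a patch is released, so clarify that this refers to the subject of the e-mail to security@kubesphere.io.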
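Review bot: the section title `安全说明` ("Security notes") in content/zh/docs/v4.1/21-security/_index.adoc matches neither the en index title `Security` nor the wording `安全策略` ("Security policy") used in the zh policy page itself; pick one term so the sidebars line up across locales. The same `icon: "/images/docs/v3.x/docs.svg"` v3.x asset path as in the en index file appears here; verify it resolves under v4.1.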