SECURITY.md: LTS branches triggers version release

The release cycle is in order of months currently, so when a
security fix is applied to LTS (long-term support) branches,
it is recommended to release a new version.

The idea is to keep the latest LTS tarball less vulnerable.

Signed-off-by: Flavio Leitner <fbl@redhat.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>

Author: fleitner

SECURITY.md

@@ -144,6 +144,9 @@ they have already been reviewed and applied), post the security
 advisory to appropriate mailing lists (ovs-announce, ovs-discuss), and
 post the security advisory on the Open vSwitch webpage.
 
+When the patch is applied to LTS (long-term support) branches, a new
+version should be released.
+
 The security advisory should be GPG-signed by a security team member
 with a key that is in a public web of trust.