
@chris001

The purpose of this file is to tell users about the software's security policy, and the address to email a security vulnerability report to the project maintainers.

@iliaross iliaross force-pushed the master branch 2 times, most recently from 6ec1f01 to 75f0ca4 Compare April 13, 2020 21:56
@chris001
Author

I just noticed an accidentally(?) stolen credit for my Pull Request?:
https://github.com/webmin/webmin/commits/master/SECURITY.md

@swelljoe
Collaborator

What do you believe is stolen? The text of the SECURITY.md you've linked that Jamie committed has no relation to the text of the file in your PR?

I seem to recall we discussed adding a SECURITY.md a while back, maybe in an issue? And, seems like Jamie added it a year ago. Looks to be wholly independent of your PR.

@chris001
Author

The date of my SECURITY.md PR is Oct 16, 2019, ~ 3 years and 5 months ago.
The date on Jamie's is Feb 19, 2022, ~ 1 year 1 month ago, ~ 2 years 3 months after mine.
If adding SECURITY.md was discussed a year ago, maybe in an issue, then that discussion to add SECURITY.md was maybe, probably, triggered by my PR to add SECURITY.md, more than 2 years before that discussion!
My PR was a perfectly good SECURITY.md to get started with in 2019. It would've directed some users, if any, towards where to email in a report. Pretty much every software project on here that has a large user base and runs with highest privilege on an operating system has one of these files in the main directory of the code.
My SECURITY.md had/has a bonus section at the top, where it says only the current version is supported for fixing vulnerabilities, and that current version number is now dynamically equal to the current release version, without any need for someone to edit the version number in the file, very convenient.
Why wasn't my SECURITY.md PR merged in 2019, and then, 3 plus years later in 2022, tweak/edit the how to report section, to what is there now, leaving in my part at the top (supported versions reports are accepted for)?

@iliaross
Collaborator

> My PR was a perfectly good SECURITY.md to get started with in 2019. It would've directed some users, if any, towards where to email in a report. Pretty much every software project on here that has a large user base and runs with highest privilege on an operating system has one of these files in the main directory of the code.

Chris, I'm pretty sure this was unintentional. I assume Jamie just missed it at the time.

> My SECURITY.md had/has a bonus section at the top, where it says only the current version is supported for fixing vulnerabilities, and that current version number is now dynamically equal to the current release version, without any need for someone to edit the version number in the file, very convenient.

This is a good suggestion. Update your PR using Jamie's text and adding your bonus section to the top, and we will merge it.
