From db5e7dd70c5af90e9440bbd0f624b5986fc80748 Mon Sep 17 00:00:00 2001 From: Martin von Zweigbergk Date: Wed, 11 Dec 2024 08:53:38 -0800 Subject: [PATCH] docs: update SECURITY.md now that we've enabled vulnerability reporting We enabled GitHub's private vulnerability reporting a few weeks or months ago (for CVE-2024-51990), so there's no need to email about vulnerabilities anymore. --- SECURITY.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 4d0c1525a..be586d975 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,7 +1,7 @@ -To report a security issue, please -email Jujutsu VCS Security at -with a description of the issue, the steps you took to create the issue, -affected versions, and, if known, mitigations for the issue. Our vulnerability -management team will respond within 3 working days of your email. If the issue -is confirmed as a vulnerability, we will open a Security Advisory. This project -follows a 90 day disclosure timeline. +To report a security issue, please use the "Report a vulnerability" button on +this page. Our vulnerability management team will respond within 3 working days +of your report. If the issue is confirmed as a vulnerability, we will open a +Security Advisory. This project follows a 90 day disclosure timeline. + +Feel free to email Jujutsu VCS Security at if you +have questions.