From 50f3ec2898a43feaa6add2bc4875754cf9224d5e Mon Sep 17 00:00:00 2001 From: Christian Brabandt Date: Mon, 23 Oct 2023 19:59:22 +0200 Subject: please report security issues to the vim-security list Signed-off-by: Christian Brabandt --- .github/ISSUE_TEMPLATE/bug_report.yml | 6 ++++-- SECURITY.md | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 3c97420930..d1acf94df1 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -9,8 +9,10 @@ body: value: | Thanks for reporting issues of Vim! - If you want to report a security issue, instead of reporting it here - please disclose it privately to cb@256bit.org + If you want to report a security issue, instead of reporting it here publicly, + please disclose it privately via mail to vim-security@googlegroups.com. + (It's a private list read only by the maintainers, + but anybody can post, after moderation.) To make it easier for us to help you please enter detailed information below. - type: textarea diff --git a/SECURITY.md b/SECURITY.md index 67548bb00d..7d1e0166c9 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,6 +2,9 @@ ## Reporting a vulnerability -If you want to report a security issue, please privately disclose the issue to the current maintainer cb@256bit.org +If you want to report a security issue, please privately disclose the issue to the vim-security mailing list +vim-security@googlegroups.com + +This is a private list, read only by the maintainers, but anybody can post, after moderation. **Please don't publicly disclose the issue until it has been addressed by us.** -- cgit v1.2.3