
chore: update security policy

[skip ci]
Joe Chen, 1 year ago
Parent
Current commit
61940ca879
1 file changed, 7 insertions and 6 deletions
  1. SECURITY.md (+7 -6)

+ 7 - 6
SECURITY.md

@@ -4,20 +4,21 @@
 
 
 Only lastest two minor version releases are supported (>= 0.12) for accepting vulnerability reports and patching fixes.
 Only lastest two minor version releases are supported (>= 0.12) for accepting vulnerability reports and patching fixes.
 
 
-Existing vulnerability reports are being tracked in [Gogs Vulnerability Reports](https://jcunknwon.notion.site/Gogs-Vulnerability-Reports-81d7df52e45c4f159274e46ba48ed1b9).
+Existing vulnerability reports are being tracked in [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
 
 
 ## Vulnerability lifecycle
 ## Vulnerability lifecycle
 
 
-1. Report a vulnerability:
-    - We strongly enourage to use https://huntr.dev/ for submitting and managing status of vulnerability reports.
-    - Alternatively, you may send vulnerability reports through emails to [security@gogs.io](mailto:security@gogs.io).
-1. Create a [dummy issue](https://github.com/gogs/gogs/issues/6901) with high-level description of the security vulnerability for credibility and tracking purposes.
+> [!important]
+> Starting **Nov 9, 2023 00:00 UTC**, only security vulnerabilities reported through [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new) are accepted.
+> Pre-existing vulnerability reported through https://huntr.dev/ or email (`security@gogs.io`) will continue to be worked through.
+
+1. Report a vulnerability
 1. Project maintainers review the report and either:
 1. Project maintainers review the report and either:
     - Ask clarifying questions
     - Ask clarifying questions
     - Confirm or deny the vulnerability
     - Confirm or deny the vulnerability
 1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
 1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
     - The latter is usually significantly slower.
     - The latter is usually significantly slower.
 1. Patch releases will be made for the supported versions.
 1. Patch releases will be made for the supported versions.
-1. Publish the original vulnerability report and a new [GitHub security advisory](https://github.com/gogs/gogs/security/advisories).
+1. Publish the report on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
 
 
 Thank you!
 Thank you!
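Review bot: the new first lifecycle step, `+1. Report a vulnerability`, no longer says how to report; the removed sub-bullets carried the submission channel, and the replacement instruction now lives only in the `[!important]` callout above the list, so a reader who skims the numbered steps misses it. Suggest linking the step itself, e.g. `1. Report a vulnerability via [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new)`. In the callout, `Pre-existing vulnerability reported through ... will continue to be worked through` reads awkwardly; `Pre-existing vulnerability reports submitted through ... will continue to be worked on` is clearer. The dummy-issue tracking step was dropped without a replacement; if the GitHub advisory now serves the tracking purpose, the policy could say so in one line. While this file is being touched, the unchanged context line `Only lastest two minor version releases are supported` has a typo (`latest`) that could be fixed in the same change.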