Home Explore
Register Sign In
SongZihuan
/
GogsUpstream
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

chore: update security policy

Joe Chen 4 months ago
parent
c94baec9ca
commit
8a3b8198af
1 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 3 3
      SECURITY.md

+ 3 - 3
SECURITY.md
View File 

@@ -12,13 +12,13 @@ Existing vulnerability reports are being tracked in [GitHub Security Advisories]
 
 > Starting **Nov 9, 2023 00:00 UTC**, only security vulnerabilities reported through [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories/new) are accepted.
 
 > Pre-existing vulnerability reported through https://huntr.dev/ or email (`security@gogs.io`) will continue to be worked through.
 
 
-1. Report a vulnerability
 
-1. Project maintainers review the report and either:
 
+1. Report an advisory for the vulnerability
 
+1. Project maintainers review the advisory and either:
 
     - Ask clarifying questions
 
     - Confirm or deny the vulnerability
 
 1. Once the vulnerability is confirmed, the reporter may submit a patch or wait for project maintainers to patch.
 
     - The latter is usually significantly slower.
 
 1. Patch releases will be made for the supported versions.
 
-1. Publish the report on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
 
+1. After 14 days of the release, publish the corresponding advisory on [GitHub Security Advisories](https://github.com/gogs/gogs/security/advisories).
 
 
 Thank you!