You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To give people instructions for reporting security vulnerabilities in your project, you can add a SECURITY.md file to your repository's root, docs, or .github folder. When someone creates an issue in your repository, they will see a link to your project's security policy.
In the past, GitHub was happy to consider our
/docs/security.rst
as the security policy.It looks like now, it wants
/SECURITY.md
Since we use GitHub for security bug reporting and fixing via private .
Also, add a note in the release process to make sure we alwasy have a CVE for any security bug.
The text was updated successfully, but these errors were encountered: