Skip to content

Commit

Permalink
security: Indicate that a draft security advisory is insufficient not…
Browse files Browse the repository at this point in the history
…ification
  • Loading branch information
jbr authored Jan 24, 2024
1 parent 55e6d57 commit b27950c
Showing 1 changed file with 7 additions and 1 deletion.
8 changes: 7 additions & 1 deletion SECURITY.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,4 +5,10 @@
Until Trillium reaches 1.0, only the most recent release will be certainly be supported for security updates, but an effort will be made to backport critical patches when possible.

## Reporting a Vulnerability
To report a vulnerability, email [hi@jbr.me](mailto:hi@jbr.me)

To report a vulnerability, email [hi@jbr.me](mailto:hi@jbr.me) and/or contact me on [signal](https://signal.group/#CjQKIAarILo8OPFVt2qMCYgtDsPwOwwf_zVkZcDi7HEnF-BUEhAOAw28LIdxCfjbSiOJ36jB). The latter is an experiment, so please follow up by email additionally for now.

Feel free to [draft a GitHub Security Advisory](https://github.com/trillium-rs/trillium/security/advisories/new) in addition to the above.

> [!IMPORTANT]
> Please do not _exclusively_ file a GitHub security advisory without also reaching out on another channel. GitHub's notifications for draft security advisories are inadequate and too easily missed.

0 comments on commit b27950c

Please # to comment.