From e75ea4e224e23b75c14d66d750bdbc56e0b8a77b Mon Sep 17 00:00:00 2001 From: Jeroen Ticheler Date: Fri, 9 Feb 2024 23:59:00 +0100 Subject: [PATCH] Update SECURITY.md Make sure it is clear to report a vulnerability directly through Github. --- SECURITY.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index a57cbf320f8..fda55f12dad 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -2,7 +2,7 @@ The GeoNetwork community takes the security of the software and all services based on the software product seriously. On this page you can find the versions for which the community provides security patches. -If you believe you have found a security vulnerability in the software or an implementation of the software, please report it to geonetwork@osgeo.org as described below. Do not publish the vulnerability in any public forums (such as Twitter/X, email list or issue tracker). +If you believe you have found a security vulnerability in the software or an implementation of the software, please report it [here](https://github.com/geonetwork/core-geonetwork/security/advisories/new) as described below. Do not publish the vulnerability in any public forums (such as Twitter/X, email list or issue tracker). ## Supported Versions @@ -23,8 +23,8 @@ If your organisation is making use of a GeoNetwork version that is no longer in If you encounter a security vulnerability in GeoNetwork please take care to report in a responsible fashion: -* Keep exploit details out of mailing list and issue tracker (send details to the Project Steering Committee via geonetwork@osgeo.org) +* Keep exploit details out of mailing list and issue tracker (instead provide details to the Project Steering Committee via the GitHub [Report a vulnerability](https://github.com/geonetwork/core-geonetwork/security/advisories/new) option link at the top of this page or send an email to geonetwork@osgeo.org) * Be prepared to work with community members on a solution -* Keep in mind community members are volunteers and an extensive fix may require fundraising / resources +* Keep in mind that community members are volunteers and an extensive fix may require fundraising / resources For more information see [How to contribute](https://github.com/geonetwork/core-geonetwork/wiki/How-to-contribute).