docs: update SECURITY.md now that we've enabled vulnerability reporting

We enabled GitHub's private vulnerability reporting a few weeks or
months ago (for CVE-2024-51990), so there's no need to email about
vulnerabilities anymore.
This commit is contained in:
Martin von Zweigbergk 2024-12-11 08:53:38 -08:00 committed by Martin von Zweigbergk
parent 1ceda1fb89
commit db5e7dd70c

View file

@ -1,7 +1,7 @@
To report a security issue, please
email Jujutsu VCS Security at <jj-security@googlegroups.com>
with a description of the issue, the steps you took to create the issue,
affected versions, and, if known, mitigations for the issue. Our vulnerability
management team will respond within 3 working days of your email. If the issue
is confirmed as a vulnerability, we will open a Security Advisory. This project
follows a 90 day disclosure timeline.
To report a security issue, please use the "Report a vulnerability" button on
this page. Our vulnerability management team will respond within 3 working days
of your report. If the issue is confirmed as a vulnerability, we will open a
Security Advisory. This project follows a 90 day disclosure timeline.
Feel free to email Jujutsu VCS Security at <jj-security@googlegroups.com> if you
have questions.