enabled GitHub's Private vulnerability (#218)

Signed-off-by: Alexander Piskun <[email protected]>
bigcat88 · Mar 4, 2024 · 81072f7 · 81072f7
1 parent ed772d4
commit 81072f7
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
@@ -4,14 +4,16 @@
 
 Only the latest non-alpha/beta version is supported.
 
-Fix time is approximately from 1 to 3 days.
+Fix time is approximately from 1 to 5 days.
 
 ## Reporting a Vulnerability
 
 Transparency and Security are vital.
 All builds are made using GitHub Actions only and for macOS Arm64 using CirrusCI.
 No part of the releases is published from any local source, the release process is fully automated from start to finish.
 
-Please report security vulnerabilities to [email protected] with `Pillow-Heif` in the subject line.
-If there is no response within 24 hours, then create an Issue,
-without technical details, to report on the previously sent mail.
+Please report security issues using GitHub's `Private vulnerability` reporting feature.
+
+You are also welcome to report security vulnerabilities via email to `[email protected]`, ensuring to include `Pillow-Heif` in the subject line.
+
+If you do not receive a response within 48 hours, please create an issue without including technical details—to notify about it.