From 3d436b977b1ab41a4c6ab10f2d7ff48aad895470 Mon Sep 17 00:00:00 2001 From: Joyce Date: Mon, 6 Nov 2023 13:47:27 -0300 Subject: [PATCH] Update SECURITY.md Signed-off-by: Joyce --- SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index 8457909b2..a3683a9eb 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -4,9 +4,9 @@ Security updates are applied only to the repository itself. ## Reporting a Vulnerability +Reports are limited to repo matters. Any vulnerability reports related to the addition or removal of PSL entries in the .dat file shall be rejected and referred to filing pull requests that should make mention the alleged urgency. + If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. Please disclose it at [security advisory](https://github.com/publicsuffix/list/security/advisories/new). -Reports are limited to repo matters. Any vulnerability reports related to the addition or removal of PSL entries in the .dat file shall be rejected and referred to filing pull requests that should make mention the alleged urgency. - This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure.