please report security issues to the vim-security list

Signed-off-by: Christian Brabandt <cb@256bit.org>
2025-07-15 08:41:54 +00:00 · 2023-10-23 19:59:22 +02:00
parent 7d254dbc2d
commit 50f3ec2898
2 changed files with 8 additions and 3 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -9,8 +9,10 @@ body:
      value: |
        Thanks for reporting issues of Vim!

-        If you want to report a security issue, instead of reporting it here
-        please disclose it privately to cb@256bit.org
+        If you want to report a security issue, instead of reporting it here publicly,
+        please disclose it privately via mail to vim-security@googlegroups.com.
+        (It's a private list read only by the maintainers,
+        but anybody can post, after moderation.)
        
        To make it easier for us to help you please enter detailed information below.
  - type: textarea
--- a/SECURITY.md
+++ b/SECURITY.md
@ -2,6 +2,9 @@

 ## Reporting a vulnerability

-If you want to report a security issue, please privately disclose the issue to the current maintainer cb@256bit.org
+If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
+vim-security@googlegroups.com
+
+This is a private list, read only by the maintainers, but anybody can post, after moderation.

 **Please don't publicly disclose the issue until it has been addressed by us.**