Update security policy

getformwork · May 25, 2024 · 7a497f1 · 7a497f1
1 parent e776417
commit 7a497f1
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,9 +4,19 @@
 
 | Version   | Supported          |
 | --------- | ------------------ |
-| >= 1.12.x | :white_check_mark: |
-| < 1.12.0  | :x:                |
+| >= 1.13.x | :white_check_mark: |
+| < 1.13.0  | :x:                |
 
 ## Reporting a Vulnerability
 
-Please contact security@getformwork.org with an explaination of the security issue you found and we'll work together to resolve it.
+We appreciate anyone's effort to report vulnerabilities found in Formwork. Be responsible about disclosing the vulnerability
+
+**You can [draft a security advisory](https://github.com/getformwork/formwork/security/advisories/new)** with an explaination of the security issue you found and we'll work together to resolve it.
+
+If you prefer you can still contact security@getformwork.org
+
+> [!WARNING]  
+> Remember that not informing about the vulnerability or publicly disclosing details about the vulnerability even on our Discord channels, or without us knowing, which is even worse, exposes Formwork users to unnecessary additional risk.
+
+> [!IMPORTANT]  
+> Please do NOT use third party security reporting services, or authorities like MITRE to get CVE IDs, we like to keep everything at GitHub for better manageability. We'll request a CVE ID for confirmed vulnerabilities.