Merge pull request #24322 from tacaswell/gov_security · matplotlib/matplotlib@781af6b · GitHub

Commit 781af6b

Merge pull request #24322 from tacaswell/gov_security
GOV: change security reporting to use tidelift
2 parents 14c50c8 + 0d9b761 commit 781af6b

1 file changed

+5
-8
lines changed

SECURITY.md

Lines changed: 5 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -17,15 +17,12 @@ versions.
1717

1818
## Reporting a Vulnerability
1919

20-
If you have found a security vulnerability, in order to keep it confidential,
21-
please do not report an issue on GitHub.
2220

23-
Please email us details of the vulnerability at matplotlib-steering-council@numfocus.org;
24-
include a description and proof-of-concept that is [short and
25-
self-contained](http://www.sscce.org/).
21+
To report a security vulnerability, please use the [Tidelift security
22+
contact](https://tidelift.com/security). Tidelift will coordinate the fix and
23+
disclosure.
2624

27-
You should expect a response within a week of your email. Depending on the
28-
severity of the issue, this may require some time to draft an immediate bugfix
29-
release. Less severe issues may be held until the next release.
25+
If you have found a security vulnerability, in order to keep it confidential,
26+
please do not report an issue on GitHub.
3027

3128
We do not award bounties for security vulnerabilities.
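
Review bot: The removed lines 23-29 told reporters what to send (a description and a short, self-contained proof-of-concept) and what to expect (a response within a week, with less severe issues possibly held until the next release), while the added lines 21-23 replace both with only "Tidelift will coordinate the fix and disclosure." Consider keeping one sentence on what a report should contain and one on the expected response, or stating explicitly that Tidelift sets the timeline. The link on added line 22 is the general https://tidelift.com/security page, so it would also help to ask reporters to name matplotlib in the report. Finally, consider keeping "please do not report an issue on GitHub" (added lines 25-26) ahead of the Tidelift instruction, so the confidentiality request is the first thing a reporter reads.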
