Update security policy for 4.1 branch (#32302)

2024-10-18 12:42:41 +02:00 · 2024-10-08 14:25:05 +02:00 · 2024-10-08 14:25:05 +02:00 · bea446d892
commit bea446d892
parent 9da2711173
1 changed files with 7 additions and 3 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,8 +1,11 @@
 # Security Policy

-If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can reach us at <security@joinmastodon.org>.
+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you can either:

-You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+- open a [GitHub security issue on the Mastodon project](https://github.com/mastodon/mastodon/security/advisories/new)
+- reach us at <security@joinmastodon.org>
+
+You should _not_ report such issues on public GitHub issues or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.

 ## Scope

@ -12,6 +15,7 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through

 | Version | Supported        |
 | ------- | ---------------- |
+| 4.3.x   | Yes              |
 | 4.2.x   | Yes              |
-| 4.1.x   | Yes              |
+| 4.1.x   | Until 2025-04-08 |
 | < 4.1   | No               |