please report security issues to the vim-security list
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
index 3c97420..d1acf94 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -9,8 +9,10 @@
value: |
Thanks for reporting issues of Vim!
- If you want to report a security issue, instead of reporting it here
- please disclose it privately to cb@256bit.org
+ If you want to report a security issue, instead of reporting it here publicly,
+ please disclose it privately via mail to vim-security@googlegroups.com.
+ (It's a private list read only by the maintainers,
+ but anybody can post, after moderation.)
To make it easier for us to help you please enter detailed information below.
- type: textarea
diff --git a/SECURITY.md b/SECURITY.md
index 67548bb..7d1e016 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,6 +2,9 @@
## Reporting a vulnerability
-If you want to report a security issue, please privately disclose the issue to the current maintainer cb@256bit.org
+If you want to report a security issue, please privately disclose the issue to the vim-security mailing list
+vim-security@googlegroups.com
+
+This is a private list, read only by the maintainers, but anybody can post, after moderation.
**Please don't publicly disclose the issue until it has been addressed by us.**