docs: update SECURITY.md now that we've enabled vulnerability reporting

We enabled GitHub's private vulnerability reporting a few weeks or months ago (for CVE-2024-51990), so there's no need to email about vulnerabilities anymore.
jj-vcs · Dec 11, 2024 · db5e7dd · db5e7dd
1 parent 1ceda1f
commit db5e7dd
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,7 +1,7 @@
-To report a security issue, please
-email Jujutsu VCS Security at <[email protected]>
-with a description of the issue, the steps you took to create the issue,
-affected versions, and, if known, mitigations for the issue. Our vulnerability
-management team will respond within 3 working days of your email. If the issue
-is confirmed as a vulnerability, we will open a Security Advisory. This project
-follows a 90 day disclosure timeline.
+To report a security issue, please use the "Report a vulnerability" button on
+this page. Our vulnerability management team will respond within 3 working days
+of your report. If the issue is confirmed as a vulnerability, we will open a
+Security Advisory. This project follows a 90 day disclosure timeline.
+
+Feel free to email Jujutsu VCS Security at <[email protected]> if you
+have questions.