From 31f6d2cf86da64ee57f8145b6823249b789c9a55 Mon Sep 17 00:00:00 2001 From: Jameson Nash Date: Sun, 29 Mar 2026 08:37:02 -0400 Subject: [PATCH] Update vulnerability reporting instructions in SECURITY.md Corrected the phrasing regarding the reporting of security vulnerabilities and clarified the email address for reporting. --- SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index 83cb4ea20..e8587b075 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -10,7 +10,7 @@ Currently, we are providing security updates for the latest release in the v1.x ## Reporting a Vulnerability -If you believe you have found an active security vulnerability in `libuv`, please use the libuv-security@googlegroups.com to report it to us. Please report all other issues on the github issue tracker. We have been forced to terminate the ability to use Github's private vulnerability reporting due to a flood of AI-generate report spam, and a lack of sufficient moderation tools to manage the false reports. +If you believe you have found an active security vulnerability in `libuv`, please report it to libuv-security@googlegroups.com. Please report all other issues on the github issue tracker. We have been forced to terminate the ability to use Github's private vulnerability reporting due to a flood of AI-generated report spam, and a lack of sufficient moderation tools to manage the false reports. This will allow us to assess the risk and make a fix available before we add a bug report to the GitHub repository and issue a Github security advisory and assign a CVE.