Update security issue reporting procedure

We have a new template for people to use. It saves lots of back and
forth if people use it.

diff --git a/SECURITY.md b/SECURITY.md
index 2c636059889e62000d8cfcb5784474c0b3cedaf2..3998de48df5d122e9f8eb5bd5ba9f6cacdfabcb2 100644 (file)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -17,10 +17,12 @@ relevant [ISC Knowledgebase article][1].
 
 ## Reporting possible security issues
 
-If you think you may be seeing a potential security vulnerability in
-BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),
-please report it immediately by [opening a confidential GitLab issue][2]
-(preferred) or emailing bind-security@isc.org.
+If you think you may be seeing a potential security vulnerability in BIND (for
+example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it
+immediately by [opening a confidential GitLab issue][2]. If a GitLab issue is
+not an option, please use the template from the file
+.gitlab/issue_templates/Security_issue.mde-mail and send it to
+bind-security@isc.org.
 
 Please do not discuss undisclosed security vulnerabilities on any public
 mailing list. ISC has a long history of handling reported
@@ -31,5 +33,5 @@ If you have a crash, you may want to consult the Knowledgebase article
 entitled ["What to do if your BIND or DHCP server has crashed"][3].
 
 [1]: https://kb.isc.org/docs/aa-00861
-[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug
+[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?description_template=Security_issue
 [3]: https://kb.isc.org/docs/aa-00340