From: Petr Špaček Date: Wed, 28 May 2025 10:53:48 +0000 (+0200) Subject: Update security issue reporting procedure X-Git-Tag: v9.21.9~35^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cc60cc9a3249665edf5dcef33b526b8669138e51;p=thirdparty%2Fbind9.git Update security issue reporting procedure We have a new template for people to use. It saves lots of back and forth if people use it. --- diff --git a/SECURITY.md b/SECURITY.md index 2c636059889..3998de48df5 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -17,10 +17,12 @@ relevant [ISC Knowledgebase article][1]. ## Reporting possible security issues -If you think you may be seeing a potential security vulnerability in -BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure), -please report it immediately by [opening a confidential GitLab issue][2] -(preferred) or emailing bind-security@isc.org. +If you think you may be seeing a potential security vulnerability in BIND (for +example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it +immediately by [opening a confidential GitLab issue][2]. If a GitLab issue is +not an option, please use the template from the file +.gitlab/issue_templates/Security_issue.mde-mail and send it to +bind-security@isc.org. Please do not discuss undisclosed security vulnerabilities on any public mailing list. ISC has a long history of handling reported @@ -31,5 +33,5 @@ If you have a crash, you may want to consult the Knowledgebase article entitled ["What to do if your BIND or DHCP server has crashed"][3]. [1]: https://kb.isc.org/docs/aa-00861 -[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug +[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?description_template=Security_issue [3]: https://kb.isc.org/docs/aa-00340
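Review bot: In the first hunk (SECURITY.md, @@ -17,10 +17,12 @@), the added template path reads `.gitlab/issue_templates/Security_issue.mde-mail`, which looks like the file name `Security_issue.md` run together with the word "e-mail". The new link target in the second hunk uses `description_template=Security_issue`, so the intended file is presumably `Security_issue.md`. Please confirm that the path as written resolves to a file in the repository. If it does not, separate the file name from the following words so that reporters who cannot use GitLab can actually find the template before mailing bind-security@isc.org.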
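Review bot: In the second hunk (SECURITY.md, @@ -31,5 +33,5 @@), the new `[2]` URL drops the `issue[confidential]=true` query parameter, while the text in the first hunk still tells reporters to use "[opening a confidential GitLab issue][2]". Nothing visible in this patch shows that the Security_issue template marks the issue confidential on its own, so a reporter who follows the link may end up filing vulnerability details in a public issue. Either keep the parameter alongside the new one, for example `?issue[confidential]=true&description_template=Security_issue`, or state in the commit message that the template itself sets confidentiality, so the prose and the link stay consistent.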