Update security policy and issue template

Because Spring Framework already has a security policy, this shows up in the issue template automatically. This commit removes the extra external link and updates the original security policy. See gh-33711
spring-projects · Oct 15, 2024 · 88b684c · 88b684c
1 parent 3bc2c91
commit 88b684c
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 13 deletions.
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,5 @@
 blank_issues_enabled: false
 contact_links:
-  - name: Security issue
-    url: https://github.com/spring-projects/security-advisories/security/advisories/new
-    about: Security issues must be disclosed and discussed in private. See https://spring.io/security-policy
   - name: Asking for help
     url: https://stackoverflow.com/tags/spring
     about: The Spring team is using StackOverflow for questions.

diff --git a/SECURITY.md b/SECURITY.md
@@ -1,16 +1,11 @@
-# Security Policy
+# Reporting a Vulnerability
+
+You can create a [draft security advisory here](https://github.com/spring-projects/security-advisories/security/advisories/new).
+Security issues must be disclosed and discussed in private. Please check out our [security policy](https://spring.io/security-policy).
+Note that we can only accept vulnerabilities against [supported versions](https://spring.io/projects/spring-framework#support).
 
 ## JAR signing
 
 Spring Framework JARs released on Maven Central are signed.
 You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
 
-## Supported Versions
-
-Please see the
-[Spring Framework Versions](https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions)
-wiki page.
-
-## Reporting a Vulnerability
-
-Please see https://spring.io/security-policy.