From 466636c4a5fb8a9fa9cbda85c9750afb65fbf46b Mon Sep 17 00:00:00 2001 From: Mike Gualtieri <36079536+mlgualtieri@users.noreply.github.com> Date: Wed, 14 Jul 2021 19:17:52 -0400 Subject: [PATCH] Security md update (#32370) * updating SECURITY.md to indicate supported versions * updating vulnerability reporting guidelines * chore: format Co-authored-by: gatsbybot --- SECURITY.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index f1029e992b5f5..837cba800db69 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -13,4 +13,8 @@ The following versions are currently being supported with security updates. ## Reporting a Vulnerability -Please email security@gatsbyjs.com +If you believe you have found a security issue with any of Gatsby's open source or commercial offerings, we would love to receive your report! Security findings can be emailed to security@gatsbyjs.com. + +When reporting a security issue, describe the issue in detail and include steps to reproduce. The more detail provided, the more likely we will be able to reproduce the issue and determine a course of action. + +Please do not report findings from `npm audit`. We are aware of package dependency issues that are reported by this tool and do review these reports. In many cases the issues reported by `npm audit` are misleading and do not present a tangible/exploitable security risk for Gatsby users.
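Review bot: The final added paragraph under "Reporting a Vulnerability" tells reporters not to send `npm audit` findings, but gives no path for the case where a flagged dependency can be shown to be exploitable through Gatsby itself. As worded ("Please do not report findings from `npm audit`"), a reporter with a working reproduction against a vulnerable dependency may conclude the report is unwelcome. Suggest adding one sentence saying that dependency issues with a demonstrated impact on Gatsby users are still in scope and should be sent to security@gatsbyjs.com with the reproduction steps the previous paragraph asks for. Separately, the first added paragraph asks for detailed findings by email but does not state when a reporter can expect an acknowledgement or whether an encrypted channel is available; a line covering both would set expectations for reporters. The commit message also mentions indicating supported versions, while the only hunk shown touches the reporting section, so it is worth confirming the supported-versions table is current.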