Update security issue reporting procedure

We have a new template for people to use. It saves lots of back and forth if people use it. (cherry picked from commit cc60cc9a32)
2026-05-28 04:34:54 -04:00 · 2025-05-28 12:53:48 +02:00 · 2025-05-28 12:53:48 +02:00 · 75ea8e5ec4
commit 75ea8e5ec4
parent 39f1092cac
1 changed files with 7 additions and 5 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@ -17,10 +17,12 @@ relevant [ISC Knowledgebase article][1].

 ## Reporting possible security issues

-If you think you may be seeing a potential security vulnerability in
-BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),
-please report it immediately by [opening a confidential GitLab issue][2]
-(preferred) or emailing bind-security@isc.org.
+If you think you may be seeing a potential security vulnerability in BIND (for
+example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it
+immediately by [opening a confidential GitLab issue][2]. If a GitLab issue is
+not an option, please use the template from the file
+.gitlab/issue_templates/Security_issue.mde-mail and send it to
+bind-security@isc.org.

 Please do not discuss undisclosed security vulnerabilities on any public
 mailing list. ISC has a long history of handling reported
@ -31,5 +33,5 @@ If you have a crash, you may want to consult the Knowledgebase article
 entitled ["What to do if your BIND or DHCP server has crashed"][3].

 [1]: https://kb.isc.org/docs/aa-00861
-[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug
+[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?description_template=Security_issue
 [3]: https://kb.isc.org/docs/aa-00340