From cc60cc9a3249665edf5dcef33b526b8669138e51 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20=C5=A0pa=C4=8Dek?= <pspacek@isc.org>
Date: Wed, 28 May 2025 12:53:48 +0200
Subject: [PATCH] Update security issue reporting procedure

We have a new template for people to use. It saves lots of back and
forth if people use it.
---
 SECURITY.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 2c63605988..3998de48df 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -17,10 +17,12 @@ relevant [ISC Knowledgebase article][1].
 
 ## Reporting possible security issues
 
-If you think you may be seeing a potential security vulnerability in
-BIND (for example, a crash with a REQUIRE, INSIST, or ASSERT failure),
-please report it immediately by [opening a confidential GitLab issue][2]
-(preferred) or emailing bind-security@isc.org.
+If you think you may be seeing a potential security vulnerability in BIND (for
+example, a crash with a REQUIRE, INSIST, or ASSERT failure), please report it
+immediately by [opening a confidential GitLab issue][2]. If a GitLab issue is
+not an option, please use the template from the file
+.gitlab/issue_templates/Security_issue.mde-mail and send it to
+bind-security@isc.org.
 
 Please do not discuss undisclosed security vulnerabilities on any public
 mailing list. ISC has a long history of handling reported
@@ -31,5 +33,5 @@ If you have a crash, you may want to consult the Knowledgebase article
 entitled ["What to do if your BIND or DHCP server has crashed"][3].
 
 [1]: https://kb.isc.org/docs/aa-00861
-[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?issue[confidential]=true&issuable_template=Bug
+[2]: https://gitlab.isc.org/isc-projects/bind9/-/issues/new?description_template=Security_issue
 [3]: https://kb.isc.org/docs/aa-00340