Update SECURITY.md

Trendyol · Jan 5, 2025 · 14d1eac · 14d1eac
1 parent 0db25dc
commit 14d1eac
Showing 1 changed file with 22 additions and 19 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -4,27 +4,30 @@
 
 The following versions of `es-query-builder` are currently supported with security updates:
 
-| Version | Supported          |
-| ------- | ------------------ |
-| ≥ 0.3.6 | ✅ Supported       |
-| < 0.3.6 | ❌ Not Supported   |
+| Version  | Supported          |
+| -------- | ------------------ |
+| ≥ 0.3.6  | ✅ Supported       |
+| < 0.3.6  | ❌ Not Supported   |
 
 ## Reporting a Vulnerability
 
-We encourage the community to report security vulnerabilities responsibly to help us maintain the integrity of `es-query-builder`.
-
-### How to Report
-- Please create a **GitHub Issue** in the [repository Issues section](https://github.com/Trendyol/es-query-builder/issues).
-- Include the following details in your report:
-  - A description of the vulnerability.
-  - Steps to reproduce the issue.
-  - (Optional) Your suggestions for mitigation or fixes.
-
-### What to Expect
-1. **Acknowledgment**: We will respond to your issue within **48 hours**.
-2. **Resolution Process**:
-   - Accepted vulnerabilities will be assigned a severity level and prioritized.
-   - A fix is typically delivered within **30 days**, depending on severity.
-3. **Confidentiality**: Please avoid sharing the vulnerability details publicly until a fix has been released.
+We encourage the community to report security vulnerabilities responsibly to help us maintain the integrity of `es-query-builder`.  
+
+### Public Reporting  
+- For most issues, please create a **GitHub Issue** in the [repository Issues section](https://github.com/Trendyol/es-query-builder/issues).  
+- Include the following details in your report:  
+  - A description of the vulnerability.  
+  - Steps to reproduce the issue.  
+  - (Optional) Your suggestions for mitigation or fixes.  
+
+### Private Reporting  
+If the vulnerability is sensitive and public disclosure could pose a risk, please report it privately by using GitHub's [private security advisory feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability).  
+
+### What to Expect  
+1. **Acknowledgment**: We will respond to your report within **48 hours**.  
+2. **Resolution Process**:  
+   - Accepted vulnerabilities will be assigned a severity level and prioritized.  
+   - A fix is typically delivered within **30 days**, depending on severity.  
+3. **Confidentiality**: Please avoid sharing the vulnerability details publicly until a fix has been released.  
 
 We appreciate your contributions to keeping `es-query-builder` secure!