On Tue, 24 Sep 2024 13:28:47 GMT, George Adams <gd...@openjdk.org> wrote:
> Currently the [security tab](https://github.com/openjdk/jdk/security) on the > GitHub repos is empty with no clear information or links on where to report > security vulnerabilities. > > <img width="1278" alt="Screenshot 2024-09-24 at 14 28 37" > src="https://github.com/user-attachments/assets/4fd68f9f-46d8-4c06-ad71-52747c8f5cf2";> > > I've made an exact copy of https://openjdk.org/groups/vulnerability/report > which hasn't changed since 2019 so is unlikely to require regular updating. > The other option is that we simply provide a link in the security file to > this policy on the website? I'm happy with either approach. I think the build label is right here but it could be security 🤷🏼 ------------- PR Comment: https://git.openjdk.org/jdk/pull/21155#issuecomment-2371327296
