On Wed, 25 Sep 2024 21:08:41 GMT, Kevin Rushforth <k...@openjdk.org> wrote:

> A `SECURITY.md` file was recently added to the jdk repo. GitHub will show 
> that policy if you click on the ["Security" 
> tab](https://github.com/openjdk/jdk/security) of the jdk repo -- if you are 
> logged in, you may need to further click on the ["Policy" 
> tab](https://github.com/openjdk/jdk/security/policy).
> 
> We need a copy of this file in the jfx repo, so that similarly, you will see 
> the policy if you click on the ["Security" 
> tab](https://github.com/openjdk/jfx/security) of the jfx repo -- if you are 
> logged in, you may need to further click on the ["Policy" 
> tab](https://github.com/openjdk/jfx/security/policy).
> 
> The `SECURITY.md` file in this PR is identical to the one in the jdk repo, 
> with "JDK" replaced by "JavaFX" in two places (the section header and the 
> name of the software).
> 
> See openjdk/jdk#21155 for more details.

SECURITY.md line 3:

> 1: # JavaFX Vulnerabilities
> 2: 
> 3: Please follow the process outlined in the [OpenJDK Vulnerability 
> Policy](https://openjdk.org/groups/vulnerability/report) to disclose 
> vulnerabilities in JavaFX.

Since FX is not technically a part of JDK, should it point to a separate (new) 
page instead of https://openjdk.org/groups/vulnerability/report?

-------------

PR Review Comment: https://git.openjdk.org/jfx/pull/1578#discussion_r1776005344
