On Wed, 25 Sep 2024 21:19:25 GMT, Andy Goryachev <ango...@openjdk.org> wrote:
>> A `SECURITY.md` file was recently added to the jdk repo. GitHub will show
>> that policy if you click on the ["Security"
>> tab](https://github.com/openjdk/jdk/security) of the jdk repo -- If you are
>> logged in, you may need to further click on the ["Policy"
>> tab](https://github.com/openjdk/jdk/security/policy).
>>
>> We need a copy of this file in the jfx repo, so that similarly, you will see
>> the policy if you click on the ["Security"
>> tab](https://github.com/openjdk/jfx/security) of the jfx repo -- if you are
>> logged in, you may need to further click on the ["Policy"
>> tab](https://github.com/openjdk/jfx/security/policy).
>>
>> The `SECURITY.md` file in this PR is identical to the one in the jdk repo,
>> with "JDK" replaced by "JavaFX" in two places (the section header and the
>> name of the software).
>>
>> See openjdk/jdk#21155 for more details.
>
> SECURITY.md line 3:
>
>> 1: # JavaFX Vulnerabilities
>> 2:
>> 3: Please follow the process outlined in the [OpenJDK Vulnerability
>> Policy](https://openjdk.org/groups/vulnerability/report) to disclose
>> vulnerabilities in JavaFX.
>
> since FX is not technically a part of JDK, should it point to a separate
> (new) page instead of https://openjdk.org/groups/vulnerability/report ?

No. JavaFX _is_ part of OpenJDK. It is irrelevant whether or not it happens to be bundled with the JDK.

-------------

PR Review Comment: https://git.openjdk.org/jfx/pull/1578#discussion_r1776009562