--- a/hugo/content/about/security/_index.md Tue Jul 13 14:40:03 2021 -0500
+++ b/hugo/content/about/security/_index.md Thu Jul 15 00:40:59 2021 -0500
@@ -10,15 +10,26 @@
security-related information, and for disclosing this information to the
-Please see our comprehensive
-[list of known and reported security advisories](advisories/) for
-information on past vulnerabilities.
+Please see our comprehensive [list of known and reported security +advisories]({{< ref "about/security/advisories" >}}) for information on past ## Reporting a Security-related Issue
If you believe you have discovered a security problem or vulnerability in
Pidgin, libpurple, Finch, or one of our related projects, please let us know
-by emailing [security@pidgin.im](mailto:security@pidgin.im).
+by using one of the following methods: +* **Our preferred way:** Emailing + [security@pidgin.im](mailto:security@pidgin.im). + [new issue](https://issues.imfreedom.org/newIssue?project=PIDGIN&c=visible%20to%20Pidgin%20Developers) + link, which will create a new issue in our issue tracker while ensuring that + its visibility is set so that it's only visible to the `Pidgin Developers` + team. The visibility selection we are referring to can be verified by looking + for it right above the *Create* button. Setting a limited visibility is of + *utmost* importance as otherwise we'd need to consider the vulnerability to + have been made public since everyone could read it from our issue tracker. In order to help us fix the problem as quickly as possible and with as little
exposure to malicious intent to our users as can be managed, we ask that you
@@ -62,4 +73,3 @@
If you believe you should be on this list, please contact
[security@pidgin.im](mailto:security@pidgin.im) and let us know why.
--- a/hugo/content/development/contributing.md Tue Jul 13 14:40:03 2021 -0500
+++ b/hugo/content/development/contributing.md Thu Jul 15 00:40:59 2021 -0500
@@ -79,7 +79,7 @@
existing bug reports that match the issue you have encountered. This is to
ensure that we are not submitting a duplicate issue.
1. If the bug you are reporting is a previously unknown security vulnerability,
- please read our (Security page)[{{< ref "about/security" >}}] for details on
+ please read our [Security page]({{< ref "about/security" >}}) for details on how to submit a security vulnerability report. It's of utmost importance that
security issues are not made public until we have the chance to fix them,
otherwise our users will be vulnerable until we are able to fix the issue and