From ef9bdd48957de5a0a000e08e5d8454f8b7fa3ad8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Oliver=20G=C3=BCnther?= Date: Tue, 26 May 2026 14:07:58 +0200 Subject: [PATCH] Update pre-release notification criteria in README Clarified language regarding pre-release notifications for critical and high-risk vulnerabilities. --- docs/security-and-privacy/statement-on-security/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/security-and-privacy/statement-on-security/README.md b/docs/security-and-privacy/statement-on-security/README.md index 596800c6600..162ddaf410b 100644 --- a/docs/security-and-privacy/statement-on-security/README.md +++ b/docs/security-and-privacy/statement-on-security/README.md @@ -135,7 +135,7 @@ A security issue is considered fixed only once the fix has been released for all ### Pre-release notification -For critical and high-severity vulnerabilities, subscribers of our [security mailing list](#security-announcements-mailing-list) will receive a pre-release notification **7 days before** the security release. This notification will include the planned release date and the severity of the issue, but will **not** include vulnerability details or patches. This gives administrators time to schedule maintenance windows and prepare for an upgrade. +For critical and high-risk vulnerabilities with clear attack vectors, and immediate action to be taken by administrators, subscribers of our [security mailing list](#security-announcements-mailing-list) will receive a pre-release notification **7 days before** the security release. This notification will include the planned release date and the severity of the issue, but will not include vulnerability details or patches. This gives administrators time to schedule maintenance windows and prepare for an upgrade. ### Public disclosure