Skip to content

Commit e4e8920

Browse files
committed
chore(security): remove public README fallback per review
CodeRabbit flagged that the README-listed channels (Discord, X, general support) are not guaranteed to be private and should not be used as a disclosure fallback. Replaced with explicit guidance plus a TODO for maintainers to fill in a dedicated security alias before merge.
1 parent 943cd7a commit e4e8920

1 file changed

Lines changed: 8 additions & 3 deletions

File tree

SECURITY.md

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,9 +11,14 @@ To report a security issue, use GitHub's private vulnerability reporting feature
1111
1. Go to <https://github.com/crewAIInc/crewAI/security/advisories/new>
1212
2. Provide a clear description, affected version(s), and reproduction steps.
1313

14-
A maintainer will respond to triage the report. If you cannot use GitHub's
15-
private reporting, please contact the maintainers via the channels listed
16-
in the project [README](README.md).
14+
A maintainer will respond to triage the report.
15+
16+
If GitHub's private reporting is not available to you, please request a
17+
private channel by emailing the maintainers. <!-- TODO(maintainers): replace
18+
with a dedicated security alias (e.g. `security@crewai.com`) before merging. -->
19+
20+
Public channels listed in the README (Discord, X, general support) are **not**
21+
guaranteed to be private and should not be used to disclose vulnerabilities.
1722

1823
### What to include
1924

0 commit comments

Comments
 (0)