Remove references to discourse.joinmastodon.org (#17797)

Remove broken CODEOWNERS file Add sponsor.joinmastodon.org to FUNDING.yml
2022-03-15 08:13:22 +01:00
parent a794117679
commit 703809ae98
6 changed files with 19 additions and 51 deletions
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,13 +1,19 @@
 # Security Policy

+If you believe you've identified a security vulnerability in Mastodon (a bug that allows something to happen that shouldn't be possible), you should submit the report through our [Bug Bounty Program][bug-bounty]. Alternatively, you can reach us at <hello@joinmastodon.org>.
+
+You should *not* report such issues on GitHub or in other public spaces to give us time to publish a fix for the issue without exposing Mastodon's users to increased risk.
+
+## Scope
+
+A "vulnerability in Mastodon" is a vulnerability in the code distributed through our main source code repository on GitHub. Vulnerabilities that are specific to a given installation (e.g. misconfiguration) should be reported to the owner of that installation and not us.
+
 ## Supported Versions

 | Version | Supported          |
 | ------- | ------------------ |
-| 3.4.x   | :white_check_mark: |
-| 3.3.x   | :white_check_mark: |
-| < 3.3   | :x:                |
+| 3.4.x   | Yes                |
+| 3.3.x   | Yes                |
+| < 3.3   | No                 |

-## Reporting a Vulnerability
-
-hello@joinmastodon.org
+[bug-bounty]: https://app.intigriti.com/programs/mastodon/mastodonio/detail