Hi Claus, On Wed, Dec 8, 2021 at 9:42 AM Claus Ibsen <[email protected]> wrote: > We could add our advisories to > https://github.com/apache/camel/security/advisories > > I am not sure how to do that - is it potentially just to drop a file > with a special name in the root or something?
I don't think we (PMC, committers) have permission required to create those. The URL above should have a `New draft security advisory` button. What would be interesting is if there was some automation from ASF security folk to publish security advisories to GitHub. Though I'm not sure in the grand scheme of things if this is helpful or not -- ASF publishes CVEs to MITRE and I'm assuming GitHub sources those as well. I'm guessing that's a conversation to be had with the ASF security folk. zoran -- Zoran Regvart
