From 5fa608dfd2dc52e03ef006d2987822fd3b4879a6 Mon Sep 17 00:00:00 2001 From: Bruno Oliveira da Silva Date: Wed, 13 Dec 2023 09:25:49 -0300 Subject: [PATCH 1/2] Update the security policy to prevent some back and forth with the community Signed-off-by: Bruno Oliveira da Silva Signed-off-by: Bruno Oliveira da Silva --- pages/security.ftl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/security.ftl b/pages/security.ftl index 3e286961..40a2117a 100644 --- a/pages/security.ftl +++ b/pages/security.ftl @@ -11,7 +11,7 @@

It is important that suspected vulnerabilities are disclosed in a responsible way, and are not publicly disclosed until after they have been analysed and a fix is available.

-

To report a security vulnerability, send an email to keycloak-security@googlegroups.com.

+

To report a security vulnerability, send an email to keycloak-security@googlegroups.com. Please include the version affected, provide detailed instructions on how to reproduce the issue, and include your contact information for acknowledgements.

If you would like to work with us on a fix for the security vulnerability, please include your GitHub username in the above email, and we will provide you access to a temporary private fork where we can collaborate on a fix without it being disclosed publicly.
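Review bot: the new sentence asks reporters for contact information "for acknowledgements" but the policy still states no expected response time, so a reporter has no way to tell a slow acknowledgement from a lost email; consider adding a line such as "We aim to acknowledge reports within N business days" next to the reporting instructions, since the earlier paragraph asks reporters to hold disclosure until a fix is available and that ask is easier to honour when the project commits to a timeline in return.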

From 8c27beef37241ffb205ec3c63c9276e2168b5715 Mon Sep 17 00:00:00 2001 From: Bruno Oliveira da Silva Date: Wed, 13 Dec 2023 17:43:11 -0300 Subject: [PATCH 2/2] Adding a mention about third-party libraries Signed-off-by: Bruno Oliveira da Silva --- pages/security.ftl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pages/security.ftl b/pages/security.ftl index 40a2117a..593058dc 100644 --- a/pages/security.ftl +++ b/pages/security.ftl @@ -11,7 +11,7 @@

It is important that suspected vulnerabilities are disclosed in a responsible way, and are not publicly disclosed until after they have been analysed and a fix is available.

-

To report a security vulnerability, send an email to keycloak-security@googlegroups.com. Please include the version affected, provide detailed instructions on how to reproduce the issue, and include your contact information for acknowledgements.

+

To report a security vulnerability in the Keycloak codebase, send an email to keycloak-security@googlegroups.com. Please include the version affected, provide detailed instructions on how to reproduce the issue, and include your contact information for acknowledgements. If you are reporting known CVEs related to third-party libraries used in Keycloak, please create a new GitHub issue.

If you would like to work with us on a fix for the security vulnerability, please include your GitHub username in the above email, and we will provide you access to a temporary private fork where we can collaborate on a fix without it being disclosed publicly.
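Review bot: the added sentence "If you are reporting known CVEs related to third-party libraries used in Keycloak, please create a new GitHub issue" routes third-party findings to a public tracker, which sits uneasily beside the opening line that vulnerabilities must not be "publicly disclosed until after they have been analysed and a fix is available"; suggest narrowing it to CVEs that are already public and adding that a report which includes a Keycloak-specific way to trigger the library flaw should still go to the private keycloak-security@googlegroups.com address, so the public-issue path is only used for dependency-upgrade requests and not for new exploitation details.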