.github/INCIDENT_RESPONSE.md
Lines changed: 1 addition & 2 deletions
@@ -125,8 +125,7 @@ Vulnerabilities and incidents may be reported or discovered through:
125
125
5.**Request a CVE** through the GitHub Security Advisory workflow (GitHub is a CVE
126
126
Numbering Authority — no separate MITRE form required). The CVE is reserved privately
127
127
and published automatically when the advisory goes public.
128
-
6. Notify Tidelift if the severity is High or Critical.
129
-
7.**Escalation** — Escalate beyond the core maintainer team if any of the following apply:
128
+
6.**Escalation** — Escalate beyond the core maintainer team if any of the following apply:
130
129
- The vulnerability is being actively exploited in the wild → notify [GitHub Security](mailto:security@github.com) and the [Python Security Response Team](https://www.python.org/news/security/)
131
130
- The fix requires changes to CPython or a dependency outside Pillow's control → contact the relevant upstream immediately
132
131
- A legal concern arises (e.g. GDPR-reportable data exposure) → contact the project's legal/fiscal sponsor
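Review bot: Dropping the old step 6 ("Notify Tidelift if the severity is High or Critical") removes the only severity-gated notification between the CVE request in step 5 and the escalation step, and nothing in the hunk replaces it. If the notification is no longer needed, say why in the commit message; if High or Critical issues should still trigger a heads-up to some downstream party, add that step here rather than leaving the gap. Because Escalation moves from 7 to 6, also check the rest of INCIDENT_RESPONSE.md for references to the old step numbers or to Tidelift and update them in the same change.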