If you have worked on a CVE with our team or have gotten approval in your Hackerone report to publicly disclose a vulnerability:
- Fork this repo.
- Draft a writeup in a branch titled after the vulnerability.
- Submit a PR to this repo.
Any change to the repo including advisories of any kind warrant a bump to the CHANGELOG.
Follow [https://keepachangelog.com/en/1.0.0/] to the best of your ability. New writeups and github security advisories are minor releases while changes to the repo process are major. Typos and content revisions are considered patch releases.