From a5540b153b81f9c1ac2242d6987cbc0047b97006 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ulises=20Gasc=C3=B3n?= <ulisesgascongonzalez@gmail.com>
Date: Thu, 2 Apr 2026 12:57:19 +0200
Subject: [PATCH] docs: reports via email are no longer accepted

Updated the security reporting process to clarify that reports via email are no longer accepted and to specify using the Express repository.
---
 SECURITY.md | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index f50df4c..02e0c1d 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -46,15 +46,11 @@ To report a vulnerability
 
 This process applies to any repositories within the Express ecosystem. 
 If you are unsure whether a repository falls under this policy, 
-feel free to reach out via email.  
+use the express repository
 
 ### Reporting via Email  
 
-If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.  
-
-To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.  
-
-The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.  
+We don't accept reports via emails anymore.
 
 ### Third-Party Modules