We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 0164145 commit efbb99eCopy full SHA for efbb99e
1 file changed
security/policy.rst
@@ -138,6 +138,9 @@ Here's what to expect for how a vulnerability report will be handled:
138
may open a public issue.
139
* If the PSRT determines the report is a vulnerability, the PSRT will
140
accept the report and a CVE ID will be assigned by the PSF CNA.
141
+
142
+ Do not publicly reference the assigned CVE ID before its record is published,
143
+ as the report and ID remain provisional and may still be changed.
144
* Once a public pull request containing a fix is merged to CPython,
145
the advisory and CVE record will be published with attribution.
146
0 commit comments