Dev news

Commit 5a7b6cf1c3 for asterisk.org

commit 5a7b6cf1c349cbc6dbdc9d007f081a0ce9130526
Author: George Joseph <gjoseph@sangoma.com>
Date:   Thu Mar 19 07:35:30 2026 -0600

    SECURITY.md: Update with additional instructions.

    Also added line breaks for people reading this file directly
    from the code base.

diff --git a/SECURITY.md b/SECURITY.md
index b3fd9bbaf4..04562a4c92 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,8 +2,26 @@

 ## Supported Versions

-The Asterisk project maintains a [documentation page](https://docs.asterisk.org/About-the-Project/Asterisk-Versions/) of releases. Each version is listed with its release date, security fix only date, and end of life date. Consult this wiki page to see if the version of Asterisk you are reporting a security vulnerability against is still supported.
+The Asterisk project maintains an
+[Asterisk-Versions](https://docs.asterisk.org/About-the-Project/Asterisk-Versions/)
+page on the project's [documentation website](https://docs.asterisk.org).
+Each version is listed with its release date, security fix only date, and end of life
+date. Consult this wiki page to see if the version of Asterisk you are reporting a
+security vulnerability against is still supported.

 ## Reporting a Vulnerability

-To report a vulnerability use the "Report a vulnerability" button under the "Security" tab of this project.
+Please see the
+[Asterisk Security Vulnerabilities](https://docs.asterisk.org/About-the-Project/Asterisk-Security-Vulnerabilities/)
+page on the [documentation website](https://docs.asterisk.org) then use the
+"Report a vulnerability" button under the
+["Security"](https://github.com/asterisk/asterisk/security)
+tab of this project's GitHub repository.
+**Never use regular GitHub issues to report security vulnerabilities!**
+
+##### Do NOT use the "Start a temporary private fork" security advisory feature!
+
+Private forks created from security advisories are severly limited by GitHub
+and cannot run the workflows necessary for validation and testing.  Once an
+advisory is accepted, the reporter will be given instructions on how to
+submit or test a fix pull request.