This account changed the instructions for reporting security issues in the xz github as their very last commit:
commit af071ef7702debef4f1d324616a0137a5001c14c (HEAD -> master, origin/master, origin/HEAD)
Author: Jia Tan <jiat0218@gmail.com>
Date: Tue Mar 26 01:50:02 2024 +0800
Docs: Simplify SECURITY.md.
diff --git a/.github/SECURITY.md b/.github/SECURITY.md
index e9b3458a..9ddfe8e9 100644
--- a/.github/SECURITY.md
+++ b/.github/SECURITY.md
@@ -16,13 +16,7 @@ the chance that the exploit will be used before a patch is released.
You may submit a report by emailing us at
[xz@tukaani.org](mailto:xz@tukaani.org), or through
[Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new).
-While both options are available, we prefer email. In any case, please
-provide a clear description of the vulnerability including:
-
-- Affected versions of XZ Utils
-- Estimated severity (low, moderate, high, critical)
-- Steps to recreate the vulnerability
-- All relevant files (core dumps, build logs, input files, etc.)
+While both options are available, we prefer email.
This project is maintained by a team of volunteers on a reasonable-effort
basis. As such, please give us 90 days to work on a fix before
Seems innocuous, but maybe they were planning further changes.