From 88b684c9816ffcb2f0c9b89934aa1d718beeddb5 Mon Sep 17 00:00:00 2001
From: Brian Clozel
Date: Tue, 15 Oct 2024 17:57:04 +0200
Subject: [PATCH] Update security policy and issue template
Because Spring Framework already has a security policy, this shows up in the issue template automatically. This commit removes the extra external link and updates the original security policy. See gh-33711
---
 .github/ISSUE_TEMPLATE/config.yml | 3 ---
 SECURITY.md | 15 +++++----------
 2 files changed, 5 insertions(+), 13 deletions(-)
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
index f425a806d4c..c571906c371 100644
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,8 +1,5 @@
 blank_issues_enabled: false
 contact_links:
- - name: Security issue
- url: https://github.com/spring-projects/security-advisories/security/advisories/new
- about: Security issues must be disclosed and discussed in private. See https://spring.io/security-policy
 - name: Asking for help
 url: https://stackoverflow.com/tags/spring
 about: The Spring team is using StackOverflow for questions.
diff --git a/SECURITY.md b/SECURITY.md
index 2a50f06bd5b..c08afbeb205 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,16 +1,11 @@
-# Security Policy
+# Reporting a Vulnerability
+
+You can create a [draft security advisory here](https://github.com/spring-projects/security-advisories/security/advisories/new).
+Security issues must be disclosed and discussed in private. Please check out our [security policy](https://spring.io/security-policy).
+Note that we can only accept vulnerabilities against [supported versions](https://spring.io/projects/spring-framework#support).
 ## JAR signing
 Spring Framework JARs released on Maven Central are signed. You'll find more information about the key here: https://spring.io/GPG-KEY-spring.txt
-## Supported Versions
-
-Please see the
-[Spring Framework Versions](https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions)
-wiki page.
-
-## Reporting a Vulnerability
-
-Please see https://spring.io/security-policy.