docs(security): Update disclosure timeline (#9581)

<!-- Clearly explain the need for these changes: -->
Update the security.md based on some advice we got :)

### Changes 🏗️
- Adds an update time window and clarifies time spans
<!-- Concisely describe all of the changes made in this pull request:
-->
Nicholas Tindle 2025-03-06 09:59:07 -06:00 committed by GitHub
parent bc71eac0ec
commit da2aa34e3e
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -20,6 +20,7 @@ Instead, please report them via:
- Please provide detailed reports with reproducible steps
- Include the version/commit hash where you discovered the vulnerability
- Allow us a 90-day security fix window before any public disclosure
- After patch is released, allow 30 days for users to update before public disclosure (for a total of 120 days max between update time and fix time)
- Share any potential mitigations or workarounds if known
## Supported Versions
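Review bot: The parenthetical on the 30-day line, "for a total of 120 days max between update time and fix time", does not describe the span it adds up: 90 + 30 days runs from the report to public disclosure, not between the update and the fix. Suggest wording such as "for a maximum of 120 days between the initial report and public disclosure". The preceding line still asks for the 90-day window "before any public disclosure", which can be read as permitting disclosure at day 90 and so conflicts with the extra 30 days; consider stating there that the 90 days cover the fix only, and say whether the 30-day window starts at patch release when the fix ships before day 90.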