From 2f60ee3b456d5a16835e131a7d795270a2a64f76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stephan=20Gro=C3=9Fberndt?= <stephan.grossberndt@typo3.org> Date: Tue, 25 Apr 2023 12:16:12 +0200 Subject: [PATCH] [DOCS] Update SECURITY.md Releases: main Resolves: #100747 Change-Id: Ifd39f0813996674620fe1b89aef29ca87351e5b9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78839 Reviewed-by: Oliver Bartsch <bo@cedev.de> Tested-by: core-ci <typo3@b13.com> Tested-by: Oliver Klee <typo3-coding@oliverklee.de> Tested-by: Oliver Bartsch <bo@cedev.de> Reviewed-by: Oliver Klee <typo3-coding@oliverklee.de> Reviewed-by: Oliver Hader <oliver.hader@typo3.org> --- SECURITY.md | 55 ++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 28 deletions(-) diff --git a/SECURITY.md b/SECURITY.md index afdfa2384977..a9094fb0bb96 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -2,35 +2,34 @@ ## Supported Versions -The following matrix shows the versions that are currently maintained -by the TYPO3 Community. Sprint releases (versions before 11.5.0 and -before 10.4.0, in their corresponding branches) are not maintained nor -supported. - -| Version | Supported | -| --------------- | ------------------ | -| 12.4.x | :white_check_mark: | -| 12.3.x | :x: | -| 12.2.x | :x: | -| 12.1.x | :x: | -| 12.0.x | :x: | -| 11.5.x | :white_check_mark: | -| < 11.5.0 | :x: | +The following matrix shows the versions currently maintained by the +TYPO3 Community. Sprint releases (versions before 12.4.0 and 11.5.0, +in their corresponding branches) are neither maintained nor supported. + +| Version | Supported | +|----------|--------------------| +| 12.4.x | :white_check_mark: | +| 12.3.x | :x: | +| 12.2.x | :x: | +| 12.1.x | :x: | +| 12.0.x | :x: | +| 11.5.x | :white_check_mark: | +| < 11.5.0 | :x: | ## Reporting a Vulnerability -Please report potential vulnerabilities to [security@typo3.org](mailto:security@typo3.org) +Please report possible vulnerabilities to [security@typo3.org](mailto:security@typo3.org) -* mention the project that is affected (either TYPO3 core or a TYPO3 extension/plugin) -* mention the exact version or version range that has been analyzed -* provide a step-by-step description on how to exploit the potential vulnerability +* Name the affected project (either TYPO3 Core or a TYPO3 extension/plugin) +* Name the exact version or version range that has been analysed +* Provide a step-by-step description of how to exploit the potential vulnerability ### Coordinated Disclosure -The TYPO3 Security Team will coordinate with core mergers or corresponding -extension/plugin maintainers and other affected parties. 
If a security fix -is ready, we then will package new releases and announce the fix to the -public using various communication channels like: +The [TYPO3 Security Team](https://typo3.org/community/teams/security) will +coordinate with core mergers or corresponding extension/plugin maintainers and +other affected parties. When a security fix is ready, we will package new +releases and announce the fix to the public using various communication channels like: * [TYPO3 Security Advisories](https://typo3.org/help/security-advisories) * [TYPO3 Security Team on Twitter](https://twitter.com/typo3_security) @@ -38,11 +37,11 @@ public using various communication channels like: * [TYPO3 Announce Mailing List](http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce) The TYPO3 Security Team is taking care of requesting CVE IDs (common vulnerability and exposer identifiers). -Please do not post or publish vulnerabilties to public issue trackers or discuss it on Slack or Twitter. +Please do not post or publish vulnerabilities to public issue trackers or discuss them on Slack or Twitter. ### Message Encryption -It is possible to send GPG/PGP encrypted emails to security@typo3.org using key id +It is possible to send GPG/PGP encrypted emails to [security@typo3.org](mailto:security@typo3.org) using key id `C05FBE60` (complete fingerprint `B41CÂ C3EFÂ 373EÂ 0F5CÂ 7018Â Â 7FE9Â 3BEFÂ BD27Â C05FÂ BE60`): * download [public key file from typo3.org](https://typo3.org/fileadmin/t3o_common_storage/keys/B41CC3EF373E0F5C70187FE93BEFBD27C05FBE60.asc) 
@@ -50,9 +49,9 @@ It is possible to send GPG/PGP encrypted emails to security@typo3.org using key ## TYPO3 Release Dates / "Patchday" -TYPO3 releases (including potential security fixes) are usually released -on Tuesdays (except for holidays like Christmas or New Year's Day). +TYPO3 releases (including possible security fixes) are usually published +on Tuesdays (except on holidays like Christmas or New Year). -[Maintenance releases](https://typo3.org/cms/roadmap/maintenance-releases) +The [Maintenance Releases](https://typo3.org/cms/roadmap/maintenance-releases) for stable versions have been scheduled in advance - it is very likely that -security fixes are released during these dates as well. +security fixes will also be released on these dates. -- GitLab
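Review bot: In the first hunk (@@ -2,35 +2,34 @@), the wording under "Reporting a Vulnerability" is now inconsistent: the lead sentence was changed to "possible vulnerabilities", but the third bullet still reads "how to exploit the potential vulnerability". Use one term in both places. The last added line of the Coordinated Disclosure paragraph ("releases and announce the fix to the public using various communication channels like:") is also much longer than the wrapped lines above it and could be re-wrapped to match.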
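Review bot: In the second hunk (@@ -38,11 +37,11 @@), the unchanged line directly above the corrected "vulnerabilities" still expands CVE as "common vulnerability and exposer identifiers". Since this change already fixes typos in that paragraph, correct this one too: CVE stands for "Common Vulnerabilities and Exposures". The typo3-announce link in the same hunk is still a plain `http://` URL; for a security policy page it is worth checking whether an https URL can be used instead.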
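Review bot: In the last hunk (@@ -50,9 +49,9 @@), the rewritten sentence still uses " - " as a sentence break ("have been scheduled in advance - it is very likely that"), which renders as a stray hyphen in Markdown. Consider splitting it into two sentences, for example ending the first at "in advance." and starting the second with "It is very likely that security fixes will also be released on these dates."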