Vulnerability Guidelines suggestion: Fixed Version must be announced on XF.com

[Alpha1]

I frequently see various developers release new versions that patch security vulnerabilities, but only release or announce the patches on their site or privately through conversation/email.

Currently the guidelines are written from the perspective or assumption that the fix is released/announced on xenforo.com
I think it would be a good thing to clarify the resource vulnerability guidelines in this regard.

 

[Chris D]

I frequently see various developers release new versions that patch security vulnerabilities, but only release or announce the patches on their site or privately through conversation/email.

Can you please provide details?