From 1951e20d1040627faf3b6722c88ddf0e86ecf50e Mon Sep 17 00:00:00 2001
From: Suriyaa Sundararuban <isc.suriyaa@gmail.com>
Date: Mon, 4 Jan 2021 12:42:47 +0100
Subject: [PATCH] SECURITY.md: link to release page (#22067)

Add links to go-ethereum's GitHub release page.

Co-authored-by: Felix Lange <fjl@twurst.com>
---
 SECURITY.md | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index bc54ede42..bdce7b8d2 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,31 +2,29 @@
 
 ## Supported Versions
 
-Please see Releases. We recommend to use the most recent released version.  
+Please see [Releases](https://github.com/ethereum/go-ethereum/releases). We recommend using the [most recently released version](https://github.com/ethereum/go-ethereum/releases/latest).
 
 ## Audit reports
 
 Audit reports are published in the `docs` folder: https://github.com/ethereum/go-ethereum/tree/master/docs/audits 
 
-
 | Scope | Date | Report Link |
 | ------- | ------- | ----------- |
 | `geth` | 20170425 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2017-04-25_Geth-audit_Truesec.pdf) |
 | `clef` | 20180914 | [pdf](https://github.com/ethereum/go-ethereum/blob/master/docs/audits/2018-09-14_Clef-audit_NCC.pdf) |
 
-
-
 ## Reporting a Vulnerability
 
 **Please do not file a public ticket** mentioning the vulnerability.
 
-To find out how to disclose a vulnerability in Ethereum visit [https://bounty.ethereum.org](https://bounty.ethereum.org) or email bounty@ethereum.org.
+To find out how to disclose a vulnerability in Ethereum visit [https://bounty.ethereum.org](https://bounty.ethereum.org) or email bounty@ethereum.org. Please read the [disclosure page](https://github.com/ethereum/go-ethereum/security/advisories?state=published) for more information about publically disclosed security vulnerabilities.
+
+Use the built-in `geth version-check` feature to check whether the software is affected by any known vulnerability. This command will fetch the latest [`vulnerabilities.json`](https://geth.ethereum.org/docs/vulnerabilities/vulnerabilities.json) file which contains known security vulnerabilities concerning `geth`, and cross-check the data against its own version number.
 
 The following key may be used to communicate sensitive information to developers.
 
 Fingerprint: `AE96 ED96 9E47 9B00 84F3 E17F E88D 3334 FA5F 6A0A`
 
-
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1
-- 
GitLab