Update SECURITY.md to mention apache liability

Signed-off-by: Joyce <joycebrum@google.com>
ReactiveX · Dec 26, 2023 · 00b4ef0 · 00b4ef0
1 parent fa78844
commit 00b4ef0
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -6,8 +6,8 @@ Security updates are applied only to the latest release.
 
 ## Reporting a Vulnerability
 
-If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
+If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released. Besides, make sure to align with us before any public disclosure to ensure no dangerous information goes public too soon.
 
 Please disclose it at [security advisory](https://github.com/ReactiveX/rxjs/security/advisories/new).
 
-This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure.
+Although we will be working to solve any security issue as fast as possible, it is also important to notice that, in accordance with Apache 2.0 terms, no rxjs contributor can be liable for damages, including the ones caused by a security issue.