chore: improve security.md [ci skip]

yyx990803 · yyx990803 · commit 7bb9dd09c561 · 2021-10-10T17:38:37.000-04:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -1,3 +1,7 @@
 # Reporting a Vulnerability
 
-Please send vulnerability reports to: security@vuejs.org
+To report a vulnerability, please email security@vuejs.org.
+
+While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Vue and its official companion libraries to ensure your application remains as secure as possible.
+
+Please note that we do not consider XSS via template expressions a valid attack vector, because it can only happen if the user intentionally uses untrusted content as template compilation source. This is similar to knowingly pasting untrusted scripts into a browser console. We explicitly warn users against using untrusted content as template compilation source in our documentation.

-Original file line number
+Diff line change
 # Reporting a Vulnerability
 -Please send vulnerability reports to: [email protected]
 +To report a vulnerability, please email [email protected].
++
 +While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions of Vue and its official companion libraries to ensure your application remains as secure as possible.
++
 +Please note that we do not consider XSS via template expressions a valid attack vector, because it can only happen if the user intentionally uses untrusted content as template compilation source. This is similar to knowingly pasting untrusted scripts into a browser console. We explicitly warn users against using untrusted content as template compilation source in our documentation.