Tech:GHSA

GHSA or GitHub Security Advisories is a tool used to create public advisories for Security issues, Request CVEs and create private security fix drafts.

If you need to use it, follow the below steps:
 * 1) go to https://github.com/miraheze/ /security/advisories/new
 * 2) fill out the information, it does not have to be accurate yet. Just there. Use TBC if not sure.
 * 3) Invite anyone who doesn't show as having access and needs it.
 * 4) If a fix is possible:
 * Click the create private fork button. This must be done by a member of that repo.
 * Start creating your patch privately.
 * Ask someone to review both the advisory and patch.
 * Click 'Request CVE'. You can not publish the advisory. A CVE is only available to repos meant to be used by others (MediaWiki extensions primarily, not Magic/Puppet/mw-config).
 * Publish it, you may for some want to inform Wikimedia Security to add to the next supplementary announcement.
 * Check the information on Mitire/NVD is correct and communicate with them.


 * 1) If a fix is not possible
 * Ask someone to review the advisory
 * Follow 4-6 above.