Repositories may now specify a security policy by creating a file named SECURITY.MD. This file should be used to instruct users about how and when to report security vulnerabilities to the repository maintainers. When included, this file will be shown in the repository’s “Security” tab, and in the new issue workflow.
The 2.17.0 release of GitHub Enterprise Server is now available for download. The latest release includes draft pull requests, security vulnerability alerts, batching suggested changes, and more.