Fixes #13628: replaced invalid security email.

[Pa-Touche]

security@sormas.org -> info@sormas.org

Fixes #13628

Summary by CodeRabbit

• Documentation
  • Updated security incident reporting contact to info@sormas.org.
  • Clarified reporting timeframe (report within 10 business days) and progress-update expectations toward a fix.
  • Improved wording and line breaks for better readability throughout the security guidance.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@Pa-Touche has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 26 minutes and 32 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 786be47 and dc32fc2.

📒 Files selected for processing (1)

• docs/SECURITY.md

📝 Walkthrough

Walkthrough

Corrected the security reporting email in docs/SECURITY.md from security@sormas.org to info@sormas.org, and adjusted line breaks/paragraph wrapping for readability in the Reporting a Security Bug and Disclosure Policy sections.

Changes

Cohort / File(s)	Summary
Documentation Update docs/SECURITY.md	Replaced reporting email address (security@sormas.org → info@sormas.org); introduced line breaks and reflowed paragraphs for clarity in the Reporting a Security Bug and Disclosure Policy sections.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 I found a typo on the run,
Swapped an email, quick as fun,
Info hops in where security fell,
Docs now read clear and well,
A tiny fix — a cheerful pun.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: replacing an invalid security email address and references the linked issue number.
Description check	✅ Passed	The description is minimal but complete, showing the email replacement and properly referencing the linked issue #13628 as required by the template.
Linked Issues check	✅ Passed	The pull request successfully addresses the primary objective from issue #13628 by replacing the undeliverable security@sormas.org email with info@sormas.org.
Out of Scope Changes check	✅ Passed	All changes are directly related to the objective of fixing the invalid security email. Line wrapping improvements are minor formatting adjustments within the same file and scope.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @docs/SECURITY.md:
- Around line 7-9: The nested Markdown list items currently indented with 4
spaces should use 2-space indentation to satisfy lint rule MD007; update the
three lines ("Reporting a Security Bug", "Disclosure Policy", "Comments on this
Policy") to be indented by 2 spaces instead of 4 so the list nesting level is
correct and lint warnings are resolved.
- Line 22: Update the SECURITY.md entry that currently says "Report security
bugs by emailing at **info@sormas.org**." to use a dedicated, monitored security
address (e.g., replace the string "info@sormas.org" with "security@sormas.org"
or your org's official security contact), and ensure the documentation notes
that this mailbox is actively monitored and routed to the security team for
timely handling.

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between af6249b and c99a3c4.

📒 Files selected for processing (1)

• docs/SECURITY.md

🧰 Additional context used

🪛 markdownlint-cli2 (0.18.1)

docs/SECURITY.md

7-7: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

8-8: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

9-9: Unordered list indentation
Expected: 2; Actual: 4

(MD007, ul-indent)

---

22-22: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: SORMAS CI

🔇 Additional comments (1)

docs/SECURITY.md (1)

24-27: Good improvement to set clear expectations.

The expanded acknowledgment and follow-up process provides better transparency for security reporters about response timelines and next steps.

[sormas-vitagroup]

SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13787

[sormas-vitagroup]

SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13787

[sormas-vitagroup]

SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13787

[sormas-vitagroup]

SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13787

[sormas-vitagroup]

SonarCloud analysis: https://sonarcloud.io/dashboard?id=SORMAS-Project&pullRequest=13787