Merge pull request #45240 from nextcloud/jtr/issue-template-security-redirect

fix(issue_template): Add security reporting redirect to bug report form

.github/ISSUE_TEMPLATE/BUG_REPORT.yml

@@ -1,4 +1,4 @@
-name: "Bug report: Nextcloud Server"
+name: "🐛 Bug report: Nextcloud Server"
 description: "Submit a report and help us improve Nextcloud Server"
 title: "[Bug]: "
 labels: ["bug", "0. Needs triage"]
@@ -9,6 +9,14 @@ body:
         ### 👍 Thank you for contributing to our project!
         Please note this is a **free and open-source** project. Most people take on their own time to help you, so please, be patient.
         You can obtain [Enterprise support](https://nextcloud.com/support/) if you run Nextcloud Server in a mission critical environment.
+  - type: markdown
+    attributes:
+      value: |
+        ### 🚨 SECURITY INFO
+        If you are reporting a security concern, please report it via [our HackerOne page](https://hackerone.com/nextcloud) instead and review our [security policy](https://nextcloud.com/security/).
+        This allows us to coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
+        It also may qualify your report for a bug bounty reward.
+        Thank you for helping make Nextcloud more secure!
   - type: checkboxes
     id: before-posting
     attributes:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +1,7 @@
-blank_issues_enabled: false
 contact_links:
+    - name: 🚨 Report a security or privacy issue
+      url: https://hackerone.com/nextcloud
+      about: Report security and privacy related issues privately to the Nextcloud team, so we can coordinate the fix and release without potentially exposing all Nextcloud servers and users in the meantime.
     - name: ❓ Community Support and Help
       url: https://help.nextcloud.com/
       about: Configuration, webserver/proxy or performance issues and other questions