_content/security: update pre-announcement block
To include that we put CVE IDs in the pre-announcement email.
Updates golang/go#56547
Change-Id: I113873339c93e8a33e63d15a471b800beb09e390
Reviewed-on: https://go-review.googlesource.com/c/website/+/470757
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Roland Shoemaker <roland@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
diff --git a/_content/security/policy.md b/_content/security/policy.md
index ae76cc0..b0c4db9 100644
--- a/_content/security/policy.md
+++ b/_content/security/policy.md
@@ -67,9 +67,9 @@
releases](/wiki/MinorReleases)**, and are kept private until then.
Three to seven days before the release, a pre-announcement is sent to
-golang-announce, announcing the presence of a security fix in the upcoming
-releases, and whether the issue affects the standard library, the toolchain, or
-both (but not disclosing any more details).
+golang-announce, announcing the presence of one or more security fixes in the
+upcoming releases, and whether the issues affect the standard library, the
+toolchain, or both, as well as reserved CVE IDs for each of the fixes.
Some examples of past PRIVATE issues include:
