i18n: new crowdin translations (#2164)

Co-authored-by: Crowdin Bot <support+bot@crowdin.com> Co-authored-by: bjohansebas <103585995+bjohansebas@users.noreply.github.com> Co-authored-by: carlosstenzel <3890516+carlosstenzel@users.noreply.github.com>
2026-02-26 02:54:58 +00:00 · 2026-01-29 21:54:19 -05:00
parent 5efeac806e
commit df7c2e3741
15 changed files with 488 additions and 227 deletions
--- a/de/resources/contributing.md
+++ b/de/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/es/resources/contributing.md
+++ b/es/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/fr/resources/contributing.md
+++ b/fr/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/it/resources/contributing.md
+++ b/it/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/ja/resources/contributing.md
+++ b/ja/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/ko/resources/contributing.md
+++ b/ko/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/pt-br/guide/error-handling.md
+++ b/pt-br/guide/error-handling.md
@@ -173,7 +173,7 @@ response:
 - The `res.statusCode` is set from `err.status` (or `err.statusCode`). If
  this value is outside the 4xx or 5xx range, it will be set to 500.
- The `res.statusMessage` is set according to the status code.
+- A 'res.statusMessage' é definida de acordo com o código de status.
 - The body will be the HTML of the status code message when in production
  environment, otherwise will be `err.stack`.
 - Any headers specified in an `err.headers` object.
--- a/pt-br/guide/migrating-5.md
+++ b/pt-br/guide/migrating-5.md
@@ -17,7 +17,7 @@ a API básica permanecer a mesma, ainda existem mudanças disruptivas;
 em outras palavras um programa do Express 4 existente pode não
 funcionar se você atualizá-lo para usar o Express 5.
-To install this version, you need to have a Node.js version 18 or higher. Then, execute the following command in your application directory:
+Para instalar esta versão, você precisa ter uma versão 18 ou superior de Node.js. Then, execute the following command in your application directory:
 ```sh
 npm install "express@5"
@@ -145,7 +145,7 @@ foi descontinuada desde a v4.11.0, e o Express 5 não a suporta mais de nenhuma
 Os seguintes nomes de métodos podem ser pluralizados. No
 Express 4, o uso dos métodos antigos resultava em um aviso de
-descontinuação.  O Express 5 não os suporta mais de forma nenhuma: Express 5 no longer supports them at all:
+descontinuação.  O Express 5 não os suporta mais de forma nenhuma: Express 5 não os suporta mais:
 `req.acceptsLanguage()` é substituído por `req.acceptsLanguages()`.
--- a/pt-br/resources/contributing.md
+++ b/pt-br/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/pt-br/resources/utils.md
+++ b/pt-br/resources/utils.md
@@ -12,7 +12,7 @@ redirect_from: "  "
 The [pillarjs](https://github.com/pillarjs) GitHub organization contains a number of modules
 for utility functions that may be generally useful.
-| Utility modules                                                | Descrição                                                                                                                                                                                                                  |
+| Módulos utilitários                                            | Descrição                                                                                                                                                                                                                  |
 | -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
 | [cookies](https://www.npmjs.com/package/cookies)               | Get and set HTTP(S) cookies that can be signed to prevent tampering, using Keygrip. Can be used with the Node.js HTTP library or as Express middleware. |
 | [csrf](https://www.npmjs.com/package/csrf)                     | Contains the logic behind CSRF token creation and verification.  Use this module to create custom CSRF middleware.                                                                         |
--- a/pt-br/starter/basic-routing.md
+++ b/pt-br/starter/basic-routing.md
@@ -1,7 +1,7 @@
 ---
 layout: page
 title: Roteamento básico no Express
-description: Learn the fundamentals of routing in Express.js applications, including how to define routes, handle HTTP methods, and create route handlers for your web server.
+description: Aprenda os fundamentos do roteamento em aplicações Express.js, incluindo como definir rotas, lidar com métodos HTTP e criar manipuladores de rotas para seu servidor web.
 menu: starter
 order: 4
 redirect_from: "  "
@@ -26,7 +26,7 @@ app.METHOD(PATH, HANDLER)
 Onde:
 - `app` é uma instância do `express`.
- `METHOD` is an [HTTP request method](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods), in lowercase.
+- `METHOD` é um [método de solicitação HTTP](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Methods), em minúsculas.
 - `PATH` é um caminho no servidor.
 - `HANDLER` é a função executada quando a rota é correspondida.
@@ -47,7 +47,7 @@ app.get('/', (req, res) => {
 })
 ```
-Respond to a POST request on the root route (`/`), the application's home page:
+Responder a uma solicitação POST na rota raiz (`/`) com a página inicial do aplicativo:
 ```js
 app.post('/', (req, res) => {
--- a/pt-br/starter/faq.md
+++ b/pt-br/starter/faq.md
@@ -104,5 +104,5 @@ função de middleware `express.static()`.
 ## What version of Node.js does Express require?
- [Express 4.x](/{{ page.lang }}/4x/api.html) requires Node.js 0.10 or higher.
+- [Express 4.x](/{{ page.lang }}/4x/api.html) requer Node.js 0.10 ou superior.
- [Express 5.x](/{{ page.lang }}/5x/api.html) requires Node.js 18 or higher.
+- [Express 5.x](/{{ page.lang }}/5x/api.html) requer Node.js 18 ou superior.
--- a/pt-br/starter/installing.md
+++ b/pt-br/starter/installing.md
@@ -12,8 +12,8 @@ redirect_from: "  "
 Assumindo que já tenha instalado o [Node.js](https://nodejs.org/), crie um diretório
 para conter o seu aplicativo, e torne-o seu diretório ativo.
- [Express 4.x](/{{ page.lang }}/4x/api.html) requires Node.js 0.10 or higher.
+- [Express 4.x](/{{ page.lang }}/4x/api.html) requer Node.js 0.10 ou superior.
- [Express 5.x](/{{ page.lang }}/5x/api.html) requires Node.js 18 or higher.
+- [Express 5.x](/{{ page.lang }}/5x/api.html) requer Node.js 18 ou superior.
 ```bash
 $ mkdir myapp
--- a/zh-cn/resources/contributing.md
+++ b/zh-cn/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}
--- a/zh-tw/resources/contributing.md
+++ b/zh-tw/resources/contributing.md
@@ -297,42 +297,67 @@ visibility or maintainer input.
 ## Security Policies and Procedures
-<!-- SRC: expressjs/express SECURITY.md -->
+<!-- SRC: expressjs/.github SECURITY.md -->
 This document outlines security procedures and general policies for the Express
 project.
- [Reporting a Bug](#reporting-a-bug)
+- [Reporting a Bug or Security Vulnerability](#reporting-a-bug-or-security-vulnerability)
 - [Disclosure Policy](#disclosure-policy)
 - [Comments on this Policy](#comments-on-this-policy)
 - [The Express Threat Model](#the-express-threat-model)
-### Reporting a Bug
+### Reporting a Bug or Security Vulnerability
-The Express team and community take all security bugs in Express seriously.
+> [!IMPORTANT]
-Thank you for improving the security of Express. We appreciate your efforts and
+> Before reporting a vulnerability, please review the [Express Threat Model](#the-express-threat-model) to check if the issue falls within Express's security scope.
 responsible disclosure and will make every effort to acknowledge your
 contributions.
-Report security bugs by emailing `express-security@lists.openjsf.org`.
+The Express team and community take all security vulnerabilities seriously.
 Thank you for improving the security of Express and related projects.
 We appreciate your efforts in responsible disclosure and will make every effort
 to acknowledge your contributions.
-To ensure the timely response to your report, please ensure that the entirety
+A [Security triage team member](https://github.com/expressjs/security-wg#security-triage-team-expressjssecurity-triage)
-of the report is contained within the email body and not solely behind a web
+or [the repo captain](https://github.com/expressjs/discussions/blob/master/docs/contributing/captains_and_committers.md)
-link or an attachment.
+will acknowledge your report as soon as possible.
 These timelines may extend when our triage
 volunteers are away on holiday, particularly at the end of the year.
-The lead maintainer will acknowledge your email within 48 hours, and will send a
+After the initial reply to your report, the security team will
 more detailed response within 48 hours indicating the next steps in handling
 your report. After the initial reply to your report, the security team will
 endeavor to keep you informed of the progress towards a fix and full
 announcement, and may ask for additional information or guidance.
-Report security bugs in third-party modules to the person or team maintaining
+> [!NOTE]  
-the module.
+> You can find more information about our process in [this guide](https://github.com/expressjs/security-wg/blob/main/docs/incident_response_plan.md)
-### Pre-release Versions
+#### Reporting Security Bugs via GitHub Security Advisory (Preferred)
-Alpha and Beta releases are unstable and **not suitable for production use**.
+The preferred way to report security vulnerabilities is through
-Vulnerabilities found in pre-releases should be reported according to the [Reporting a Bug](#reporting-a-bug) section.
+[GitHub Security Advisories](https://github.com/advisories).
-Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
+This allows us to collaborate on a fix while maintaining the
 confidentiality of the report.
 To report a vulnerability
 ([docs](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)):
 1. Visit the **Security** tab of the affected repository on GitHub.
 2. Click **Report a vulnerability** and follow the provided steps.
 This process applies to any repositories within the Express ecosystem.
 If you are unsure whether a repository falls under this policy,
 feel free to reach out via email.
 #### Reporting via Email
 If you prefer, you can also report security issues by emailing `express-security@lists.openjsf.org`.
 To ensure a timely response, please include all relevant details directly in the email body rather than linking to external sources or attaching files.
 The lead maintainer will acknowledge your email within 48 hours and provide an initial response outlining the next steps. The security team will keep you updated on the progress and may request additional details.
 #### Third-Party Modules
 If the security issue pertains to a third-party module that is not directly maintained within the Express ecosystem, please report it to the maintainers of that module.
 ### Disclosure Policy
@@ -345,15 +370,19 @@ involving the following steps:
 - Prepare fixes for all releases still under maintenance. These fixes will be
  released as fast as possible to npm.
 ### The Express Threat Model
 We are currently working on a new version of the security model, the most updated version can be found [here](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md)
 ### Comments on this Policy
 If you have suggestions on how this process could be improved please submit a
 pull request.
 ### The Express Threat Model
 The Express threat model defines the boundaries of what the framework considers its security responsibility. It establishes which elements are trusted (such as the developer, the runtime environment, and application code) versus untrusted (such as data from network connections). Issues arising from trusted elements are considered out of scope, while Express is responsible for safely handling untrusted data.
 Many commonly reported concerns fall outside Express's security scope and are the responsibility of the application developer. Such as prototype pollution from unsanitized user input, misconfigured static file serving, or issues in third-party dependencies.
 For complete details, see the [Express Threat Model](https://github.com/expressjs/security-wg/blob/main/docs/ThreatModel.md).
 ----
 # Contributing to Expressjs.com {#expressjs-website-contributing}