From 2cfa3fba0c8c5f3cf5daf23fd5333902a34fea86 Mon Sep 17 00:00:00 2001
From: shivaramkumar <connect.shivaram@gmail.com>
Date: Mon, 5 Feb 2024 05:36:32 +0100
Subject: [PATCH] [5.0.x] Changed severity levels to list in security policy
 docs.

Backport of a47de0d6cd440d4515ede48df8335d91d7ac7793 from main
---
 docs/internals/security.txt | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/docs/internals/security.txt b/docs/internals/security.txt
index 373012b707..55300b01e1 100644
--- a/docs/internals/security.txt
+++ b/docs/internals/security.txt
@@ -84,24 +84,24 @@ upcoming security release, as well as the severity of the issues. This is to
 aid organizations that need to ensure they have staff available to handle
 triaging our announcement and upgrade Django as needed. Severity levels are:
 
-**High**:
+* **High**
 
-* Remote code execution
-* SQL injection
+  * Remote code execution
+  * SQL injection
 
-**Moderate**:
+* **Moderate**
 
-* Cross site scripting (XSS)
-* Cross site request forgery (CSRF)
-* Denial-of-service attacks
-* Broken authentication
+  * Cross site scripting (XSS)
+  * Cross site request forgery (CSRF)
+  * Denial-of-service attacks
+  * Broken authentication
 
-**Low**:
+* **Low**
 
-* Sensitive data exposure
-* Broken session management
-* Unvalidated redirects/forwards
-* Issues requiring an uncommon configuration option
+  * Sensitive data exposure
+  * Broken session management
+  * Unvalidated redirects/forwards
+  * Issues requiring an uncommon configuration option
 
 Second, we notify a list of :ref:`people and organizations
 <security-notifications>`, primarily composed of operating-system vendors and