What is the process to publish a security advisory to the public?

Prepare for the GitHub Advanced Security Certification Test. Practice with multiple choice questions, detailed explanations, and hints. Achieve success on your first attempt!

Multiple Choice

What is the process to publish a security advisory to the public?

Explanation:
Publishing a security advisory to the public should be treated as a formal disclosure step that preserves history and provides actionable guidance. The proper method is to mark the advisory as ready to publish (or move it from a private to a public state) and include all essential details: which versions are affected, which versions contain the fix, references to related advisories or CVEs, and a CVSS score to communicate severity. This combination ensures users can determine impact, apply the correct remediation, and understand the risk in a standardized way. Deleting and recreating loses the audit trail; publishing anonymously with insufficient details leaves readers without context; updating later with only a generic note fails to give concrete remediation. The structured public advisory with explicit affected and fixed versions, references, and CVSS makes the disclosure precise, traceable, and useful for the community.

