-rw-r--r-- | CONTRIBUTING.md | 3 | ||||
-rw-r--r-- | README.md | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f6ebef7e89..b44486c75a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,9 @@ #### **Did you find a bug?** +* **Do not open up a GitHub issue if the bug is a security vulnerability + in Rails**, and instead to refer to our [security policy](http://rubyonrails.org/security/). + * **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rails/rails/issues). * If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/rails/rails/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring. @@ -78,6 +78,10 @@ and may also be used independently outside Rails. We encourage you to contribute to Ruby on Rails! Please check out the [Contributing to Ruby on Rails guide](http://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html) for guidelines about how to proceed. [Join us!](http://contributors.rubyonrails.org) +Trying to report a possible security vulnerability in Rails? Please +check out our [security policy](http://rubyonrails.org/security/) for +guidelines about how to proceed. + Everyone interacting in Rails and its sub-projects' codebases, issue trackers, chat rooms, and mailing lists is expected to follow the Rails [code of conduct](http://rubyonrails.org/conduct/). ## Code Status |
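Review bot: In the CONTRIBUTING.md hunk, the added bullet reads "and instead to refer to our [security policy]", which is ungrammatical and blurs the one instruction a reporter most needs. Suggest "**Do not open up a GitHub issue if the bug is a security vulnerability in Rails**; instead, refer to our [security policy](...)", so the prohibition and the alternative read as two clear steps. Since this is the first bullet under "Did you find a bug?", it would also help to say in the bullet itself that the policy describes a private reporting channel, so readers who do not follow the link still understand why a public issue is the wrong place.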
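Review bot: In the README.md hunk (@@ -78,6 +78,10 @@), the new paragraph links the security policy as http://rubyonrails.org/security/, and the CONTRIBUTING.md bullet adds the same plain-HTTP URL. For the page that tells people where to send vulnerability reports, an https:// link is preferable if the site serves it, because a reader following a plain-HTTP link has no integrity guarantee on the contact details shown. The wording "Trying to report a possible security vulnerability in Rails?" is fine as is; only the URL scheme needs a second look.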