From 4ed704740b7ccc8ac9cfb7b5ec62d55ac178ec97 Mon Sep 17 00:00:00 2001 From: Jon Moss Date: Thu, 23 Feb 2017 18:34:26 -0500 Subject: Make security policy more prominent in docs [ci skip] --- CONTRIBUTING.md | 3 +++ README.md | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index f6ebef7e89..b44486c75a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,6 +2,9 @@ #### **Did you find a bug?** +* **Do not open up a GitHub issue if the bug is a security vulnerability + in Rails**, and instead to refer to our [security policy](http://rubyonrails.org/security/). + * **Ensure the bug was not already reported** by searching on GitHub under [Issues](https://github.com/rails/rails/issues). * If you're unable to find an open issue addressing the problem, [open a new one](https://github.com/rails/rails/issues/new). Be sure to include a **title and clear description**, as much relevant information as possible, and a **code sample** or an **executable test case** demonstrating the expected behavior that is not occurring. diff --git a/README.md b/README.md index a2b726ea6c..c4fa983c52 100644 --- a/README.md +++ b/README.md @@ -78,6 +78,10 @@ and may also be used independently outside Rails. We encourage you to contribute to Ruby on Rails! Please check out the [Contributing to Ruby on Rails guide](http://edgeguides.rubyonrails.org/contributing_to_ruby_on_rails.html) for guidelines about how to proceed. [Join us!](http://contributors.rubyonrails.org) +Trying to report a possible security vulnerability in Rails? Please +check out our [security policy](http://rubyonrails.org/security/) for +guidelines about how to proceed. + Everyone interacting in Rails and its sub-projects' codebases, issue trackers, chat rooms, and mailing lists is expected to follow the Rails [code of conduct](http://rubyonrails.org/conduct/). ## Code Status -- cgit v1.2.3
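Review bot: In the CONTRIBUTING.md hunk, the added bullet reads "and instead to refer to our [security policy]", which is ungrammatical. Dropping the stray "to" gives "and instead refer to our [security policy]". Since this bullet is the first thing a reporter sees under "Did you find a bug?", it would also help to say in the bullet itself that the report should be made privately, so the instruction is clear even to someone who does not follow the link.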
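Review bot: In the README.md hunk, the added security policy link uses plain `http://rubyonrails.org/security/`, while the issue tracker links elsewhere in the patch use `https://`. A page that tells people where to send vulnerability reports should be reached over TLS so the contact details cannot be altered in transit. Suggest switching the link to `https://` if the site serves it; the same URL in the CONTRIBUTING.md hunk would need the same change.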