From e74fdbe00cd0f403d34f2bc83eb09e7a5bc56109 Mon Sep 17 00:00:00 2001
From: Gannon McGibbon <gannon.mcgibbon@gmail.com>
Date: Tue, 6 Nov 2018 18:05:40 -0500
Subject: Amend CVE note and security guide section wordings

Reword first sentence of dep management and CVE section of
security guide. Also, reword and move gemspec notes above deps.

[ci skip]
---
 guides/source/security.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'guides/source')

diff --git a/guides/source/security.md b/guides/source/security.md
index 66b922ea35..dbec3cdd2d 100644
--- a/guides/source/security.md
+++ b/guides/source/security.md
@@ -1238,7 +1238,7 @@ Rails.application.credentials.some_api_key! # => raises KeyError: :some_api_key
 Dependency Management and CVEs
 ------------------------------
 
-Please note that we do not accept patches for CVE version bumps. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
+We don’t bump dependencies just to encourage use of new versions, including for security issues. This is because application owners need to manually update their gems regardless of our efforts. Use `bundle update --conservative gem_name` to safely update vulnerable dependencies.
 
 Additional Resources
 --------------------
-- 
cgit v1.2.3