Refer to disclosure policy in CONTRIBUTING.md

author: Jacob Vosmaer <contact@jacobvosmaer.nl> 2013-10-28 15:44:28 +0100
committer: Jacob Vosmaer <contact@jacobvosmaer.nl> 2013-10-28 15:44:28 +0100
commit: 8706890f9b8b5b743616b82e93407fb02a46e7e6 (patch)
tree: 73a029cb22e740c3e0facab65cbe09dc002dc21a
parent: ff7073ac23afdf5873f0b5eaee54b9c735e7e04d (diff)
download: gitlab-ce-8706890f9b8b5b743616b82e93407fb02a46e7e6.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9d9be5bdc21..d1fdd93850a 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -5,6 +5,7 @@ This guide details how to use issues and pull requests to improve GitLab.
 -  [Closing policy for issues and pull requests](#closing-policy-for-issues-and-pull-requests)
 -  [Issue tracker](#issue-tracker)
 -  [Pull requests](#pull-requests)
+-  [Security vulnerabilities](#security-vulnerabilities)
 
 If you want to know how the GitLab team handles contributions have a look at [the GitLab contributing process](PROCESS.md).
 
@@ -73,3 +74,6 @@ We will accept pull requests if:
 * It is a single commit (please use `git rebase -i` to squash commits)
 
 For examples of feedback on pull requests please look at already [closed pull requests](https://github.com/gitlabhq/gitlabhq/pulls?direction=desc&page=1&sort=created&state=closed).
+
+## Security vulnerabilities
+Please report security vulnerabilities in private to support@gitlab.com; also see http://www.gitlab.com/disclosure/. Do NOT create GitHub issues for security vulnerabilities.
author	Jacob Vosmaer <contact@jacobvosmaer.nl>	2013-10-28 15:44:28 +0100
committer	Jacob Vosmaer <contact@jacobvosmaer.nl>	2013-10-28 15:44:28 +0100
commit	8706890f9b8b5b743616b82e93407fb02a46e7e6 (patch)
tree	73a029cb22e740c3e0facab65cbe09dc002dc21a
parent	ff7073ac23afdf5873f0b5eaee54b9c735e7e04d (diff)
download	gitlab-ce-8706890f9b8b5b743616b82e93407fb02a46e7e6.tar.gz