-rw-r--r-- ChangeLog 4
-rw-r--r-- doc/security.rdoc 5
2 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 0f388cd96d..b22762c7f9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Sat May 4 07:20:00 2013 Zachary Scott <zachary@zacharyscott.net>
+
+ * doc/security.rdoc: Add note about reporting security vulns
+
Sat May 4 04:13:27 2013 KOSAKI Motohiro <kosaki.motohiro@gmail.com>
* include/ruby/defines.h (RUBY_ATTR_ALLOC_SIZE): New for
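Review bot: The new entry on the `* doc/security.rdoc:` line abbreviates "vulns"; spell it out as "vulnerabilities" so the ChangeLog is searchable with the same term the documentation uses. It would also help to say that the note adds the security@ruby-lang.org contact and the PGP key link, since "note about reporting" does not tell a reader what actually changed in the reporting guidance.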
diff --git a/doc/security.rdoc b/doc/security.rdoc
index 9f4bca67c5..2cf6531785 100644
--- a/doc/security.rdoc
+++ b/doc/security.rdoc
@@ -10,6 +10,11 @@ Please check the full list of publicly known CVEs and how to correctly report a
security vulnerability, at: http://www.ruby-lang.org/en/security/
Japanese version is here: http://www.ruby-lang.org/ja/security/
+Security vulnerabilities should be reported via an email to
+mailto:security@ruby-lang.org ({the PGP public
+key}[http://www.ruby-lang.org/security.asc]), which is a private mailing list.
+Reported problems will be published after fixes.
+
== <code>$SAFE</code>
Ruby provides a mechanism to restrict what operations can be performed by Ruby
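Review bot: The PGP key link in the added paragraph, `http://www.ruby-lang.org/security.asc`, is plain HTTP and the text gives no fingerprint, so a reporter has no way to check that the key they fetched is the one the security team holds before encrypting a vulnerability report to it. Suggest linking the key over HTTPS if the site serves it that way, and stating the key fingerprint in the document itself so it can be compared out of band. Two smaller points: "Reported problems will be published after fixes." gives no indication of timing or of who publishes, which is worth one more clause; and the context lines just above already send readers to the security page for "how to correctly report a security vulnerability", so consider folding the new paragraph into that sentence to keep a single statement of the reporting process.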