Merge pull request #1179 from activerecord-hackery/security

Move security contact information to SECURITY.md
This commit is contained in:
Sean 2020-12-02 17:17:14 +01:00 committed by GitHub
commit 00a8e05273
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 6 deletions

12
.github/SECURITY.md vendored Normal file
View File

@ -0,0 +1,12 @@
# Security Policy
## Supported Versions
At the moment, only the latest major.minor release stream is supported with
security updates.
## Reporting a Vulnerability
Please use the Tidelift security contact to [report a security
vulnerability](https://tidelift.com/security). Tidelift will coordinate the fix
and disclosure.

View File

@ -891,12 +891,6 @@ both in the same application. If both are present, Ransack will default to
Active Record only. The logic is contained in
`Ransack::Adapters#instantiate_object_mapper` should you need to override it.
## Security contact information
Please use the Tidelift security contact to [report a security
vulnerability](https://tidelift.com/security). Tidelift will coordinate the fix
and disclosure.
## Semantic Versioning
Ransack attempts to follow semantic versioning in the format of `x.y.z`, where: