From e11a30850b5fc372d8d9338e41ed8579eecd4869 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20Rodr=C3=ADguez?= <deivid.rodriguez@riseup.net>
Date: Tue, 1 Dec 2020 11:31:07 +0100
Subject: [PATCH] Use Tidelift's process for security issues

---
 README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/README.md b/README.md
index b18f9df..daae4a6 100644
--- a/README.md
+++ b/README.md
@@ -891,6 +891,12 @@ both in the same application. If both are present, Ransack will default to
 Active Record only. The logic is contained in
 `Ransack::Adapters#instantiate_object_mapper` should you need to override it.
 
+## Security contact information
+
+Please use the Tidelift security contact to [report a security
+vulnerability](https://tidelift.com/security).  Tidelift will coordinate the fix
+and disclosure.
+
 ## Semantic Versioning
 
 Ransack attempts to follow semantic versioning in the format of `x.y.z`, where: