From a061e70a2a1fed413d07556938184362645dbb32 Mon Sep 17 00:00:00 2001 From: James Titcumb Date: Fri, 15 May 2026 07:24:04 +0100 Subject: [PATCH 1/2] Add security policy in SECURITY.md --- SECURITY.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..2b54b229 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,25 @@ +# Security Policy + +## Supported Versions + +The following versions will receive security updates. + +| Version | Security updates | +| ------- | ------------------ | +| 1.5.x | :white_check_mark: | +| 1.4.x | :white_check_mark: | +| 1.3.x | :white_check_mark: | +| < 1.3 | :x: | + +## Reporting a Vulnerability + +Please do not publicly disclose security vulnerabilities. + +If you discover something that you think may be a vulnerability, please +[report it **privately** on GitHub](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability). + + * Go to the [Security and Quality](https://github.com/php/pie/security) tab in the PIE repository. + * Click **Report a vulnerability** and fill in the form with as much information as possible. + * Hit submit, and we'll look into it as soon as possible. + +Thank you for responsibly disclosing issues in PIE 🥧 From 385d6c6caddf37be7495cf67396b25a0407414d2 Mon Sep 17 00:00:00 2001 From: James Titcumb Date: Fri, 15 May 2026 07:27:59 +0100 Subject: [PATCH 2/2] Fix contributing link in PR template --- .github/pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index ca50148d..25ab9ce3 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md 
@@ -7,7 +7,7 @@ ## PR submitter checklist -- [ ] I have read [CONTRIBUTING.md](../CONTRIBUTING.md) +- [ ] I have read [CONTRIBUTING.md](https://github.com/php/pie/blob/HEAD/CONTRIBUTING.md) - [ ] I discussed this with the maintainers in # (complete as appropriate) - [ ] I have added appropriate tests - [ ] I confirm that I have the right to submit this under the project's open source licence
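Review bot: In SECURITY.md, the "Reporting a Vulnerability" section gives a reporter no expected acknowledgement window and no guidance on what to send: it promises only "we'll look into it as soon as possible" and asks for "as much information as possible". Consider stating a response target and listing the details wanted (affected PIE version, reproduction steps, observed impact). The GitHub private reporting form is also the only channel offered; a fallback contact would cover reporters who cannot use it. In the Supported Versions table, 1.5.x, 1.4.x and 1.3.x are hardcoded, so the table needs an edit with every new minor release; stating the support rule alongside the table would keep it from going stale.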
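Review bot: The commit message for the .github/pull_request_template.md change ("Fix contributing link in PR template") does not say why the relative `../CONTRIBUTING.md` link on the first checklist line was broken, so a later editor of the template has nothing to stop them reintroducing a relative link. Add a sentence to the message explaining the failure. Also confirm the absolute `https://github.com/php/pie/blob/HEAD/CONTRIBUTING.md` target is intended: it always points at php/pie, so a pull request opened inside a fork will link to the upstream file instead of the fork's own copy.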