Merge branch 'hotfix/5468' into develop

Forward port #5468
zendframework · Nov 12, 2013 · ae7e8b0 · ae7e8b0
2 parents 1351d91 + aaf36b1
commit ae7e8b0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 1 deletion.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -19,7 +19,21 @@ read/subscribe to the following resources:
 
 If you are working on new features, or refactoring an existing
 component, please create a proposal. You can do this in on the RFC's
-page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s. 
+page, http://framework.zend.com/wiki/display/ZFDEV2/RFC%27s.
+
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [zf-security@zend.com](mailto:zf-security@zend.com). We will work with you to verify the vulnerability and patch it.
+
+When reporting issues, please provide the following information:
+
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.
+
+For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).
 
 ## RUNNING TESTS
 

diff --git a/README.md b/README.md
@@ -108,6 +108,20 @@ If you would like to be notified of new releases, you can subscribe to
 the fw-announce mailing list by sending a blank message to
 <fw-announce-subscribe@lists.zend.com>.
 
+## Reporting Potential Security Issues
+
+If you have encountered a potential security vulnerability in Zend Framework, please report it to us at [zf-security@zend.com](mailto:zf-security@zend.com). We will work with you to verify the vulnerability and patch it.
+
+When reporting issues, please provide the following information:
+
+- Component(s) affected
+- A description indicating how to reproduce the issue
+- A summary of the security vulnerability and impact
+
+We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect Zend Framework users and provides them with a chance to upgrade and/or update in order to protect their applications.
+
+For sensitive email communications, please use [our PGP key](http://framework.zend.com/zf-security-pgp-key.asc).
+
 ### LICENSE
 
 The files in this archive are released under the Zend Framework license.