From 00d0a50dc27b54b0e59f7870f43d8352d25f909f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20W=C3=BCrth?= <ravage@bluewin.ch>
Date: Tue, 28 Jul 2015 20:02:06 +0200
Subject: [PATCH] Add "Reporting a Security Issue"

Backport of #7104
---
 CONTRIBUTING.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 5bb121179..c991e2460 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -63,6 +63,10 @@ Check the [cakephp-codesniffer](https://github.com/cakephp/cakephp-codesniffer)
 repository to setup the CakePHP standard. The [README](https://github.com/cakephp/cakephp-codesniffer/blob/master/README.md) contains installation info
 for the sniff and phpcs.
 
+## Reporting a Security Issue
+
+If you've found a security related issue in CakePHP, please don't open an issue in GitHub. Instead contact us at security@cakephp.org. For more information on how we handle security issues, [see the CakePHP Security Issue Process](http://book.cakephp.org/2.0/en/contributing/tickets.html#reporting-security-issues).
+
 # Additional Resources
 
 * [CakePHP coding standards](http://book.cakephp.org/2.0/en/contributing/cakephp-coding-conventions.html)