From a792de883bbf494c9a4a1d9eda500a4e401c0579 Mon Sep 17 00:00:00 2001 From: Marcus Bointon Date: Mon, 22 Mar 2021 17:55:59 +0100 Subject: [PATCH] Tidelift security --- SECURITY.md | 2 +- changelog.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/SECURITY.md b/SECURITY.md index fc3e61c2..2552df8a 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -1,6 +1,6 @@ # Security notices relating to PHPMailer -Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately. +Please disclose any security issues or vulnerabilities found through [Tidelift's coordinated disclosure system](https://tidelift.com/security) or to the maintainers privately. PHPMailer versions 6.1.5 and earlier contain an output escaping bug that occurs in `Content-Type` and `Content-Disposition` when filenames passed into `addAttachment` and other methods that accept attachment names contain double quote characters, in contravention of RFC822 3.4.1. No specific vulnerability has been found relating to this, but it could allow file attachments to bypass attachment filters that are based on matching filename extensions. Recorded as [CVE-2020-13625](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13625). Reported by Elar Lang of Clarified Security. diff --git a/changelog.md b/changelog.md index d0712b25..1cd6b014 100644 --- a/changelog.md +++ b/changelog.md @@ -3,6 +3,7 @@ ## WIP * Check for mbstring extension before decoding addresss in `parseAddress` * Add Serbian Latin translation (`sr_latn`) +* Enrol PHPMailer in Tidelift ## Version 6.3.0 (February 19th, 2021) * Handle early connection errors such as 421 during connection and EHLO states
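Review bot: In the SECURITY.md hunk, the replacement line still offers "or to the maintainers privately" without saying how to reach them, so a reporter who does not want to go through Tidelift has no private channel named anywhere in the visible text and may fall back to a public issue. Name the private route explicitly (a contact address or a pointer to where one is published). The sentence is also ambiguous as written: "vulnerabilities found through [Tidelift's coordinated disclosure system]" can be read as describing where the issue was found rather than where to report it. Leading with the verb, for example "Please report any security issues or vulnerabilities via ...", removes that reading.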
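Review bot: In the changelog.md hunk, the added entry "* Enrol PHPMailer in Tidelift" does not tell readers that the vulnerability reporting route in SECURITY.md changed in the same commit, which is the part of this change that matters to anyone following the changelog. Consider extending the entry to say that security reports can now be submitted through Tidelift's coordinated disclosure system, and point to SECURITY.md. Separately, the unchanged context line just above reads "decoding addresss"; it is outside this change but could be corrected while the section is being edited.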