From ab02e810b083694b055cafcff13266ceabd144b8 Mon Sep 17 00:00:00 2001 From: Jeffrey 'Alex' Clark Date: Wed, 8 Apr 2026 13:16:37 -0400 Subject: [PATCH 1/4] Update security policy --- .github/SECURITY.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index c6369fdef21..46a28ef550a 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -1,5 +1,9 @@ # Security policy -To report sensitive vulnerability information, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. +To report sensitive vulnerability information, please use GitHub's [Private vulnerability reporting](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability). -If your organisation/employer is a distributor of Pillow and would like advance notification of security-related bugs, please let us know your preferred contact method. +The Pillow team will respond by following the steps in [Managing privately reported security vulnerabilities](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities). + +If you cannot use GitHub, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. + +Please DO NOT report sensitive vulnerability information in public. From 05860779a1b9563390861d7c89793f4adb7b6efd Mon Sep 17 00:00:00 2001 From: Jeffrey 'Alex' Clark Date: Wed, 8 Apr 2026 14:52:19 -0400 Subject: [PATCH 2/4] Update .github/SECURITY.md Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- .github/SECURITY.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 46a28ef550a..3a9d60e5473 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md 
@@ -1,6 +1,6 @@ # Security policy -To report sensitive vulnerability information, please use GitHub's [Private vulnerability reporting](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability). +To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security). The Pillow team will respond by following the steps in [Managing privately reported security vulnerabilities](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities). From 8edb7734b584b7e5e22142f348d95b5a357f8b28 Mon Sep 17 00:00:00 2001 From: Jeffrey 'Alex' Clark Date: Wed, 8 Apr 2026 14:52:36 -0400 Subject: [PATCH 3/4] Update .github/SECURITY.md Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- .github/SECURITY.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 3a9d60e5473..19eb9bb32bb 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -4,6 +4,6 @@ To report sensitive vulnerability information, report it [privately on GitHub](h The Pillow team will respond by following the steps in [Managing privately reported security vulnerabilities](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities). -If you cannot use GitHub, please use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. +If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. -Please DO NOT report sensitive vulnerability information in public. +DO NOT report sensitive vulnerability information in public. 
From 8f625f19eff86fc7079267bc41a25c0f467410be Mon Sep 17 00:00:00 2001 From: Jeffrey 'Alex' Clark Date: Wed, 8 Apr 2026 16:17:52 -0400 Subject: [PATCH 4/4] Update .github/SECURITY.md Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com> --- .github/SECURITY.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 19eb9bb32bb..bc8bcaef66a 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -2,8 +2,6 @@ To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security). -The Pillow team will respond by following the steps in [Managing privately reported security vulnerabilities](https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/fix-reported-vulnerabilities/managing-privately-reported-security-vulnerabilities). - If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure. DO NOT report sensitive vulnerability information in public.
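Review bot: In PATCH 1/4, the removed line "If your organisation/employer is a distributor of Pillow and would like advance notification of security-related bugs, please let us know your preferred contact method." has no replacement, and the commit message "Update security policy" does not say the distributor pre-notification offer is being withdrawn. If the removal is intentional, say so in the commit message. If it is not, keep the sentence and name which of the two channels (GitHub private report or Tidelift) distributors should use to ask for advance notice.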
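Review bot: In PATCH 2/4, the new line "To report sensitive vulnerability information, report it [privately on GitHub]" repeats the verb, and it swaps the link to GitHub's how-to documentation for the repository's own security page, so a first-time reporter no longer gets any pointer to how private reporting works. Suggest tightening the wording to something like "Report sensitive vulnerability information privately on GitHub" and either keeping a short reference to the GitHub documentation or naming the control the reporter should use on the linked page.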
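Review bot: In PATCH 3/4, "DO NOT report sensitive vulnerability information in public." stays the last line of the file, after both reporting channels, so a reader who follows the first link never reaches it. Since this hunk is already editing that sentence, consider moving it directly under the "# Security policy" heading so the warning comes before the instructions. Dropping "Please" from both lines is fine and matches the imperative wording introduced in PATCH 2/4.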
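Review bot: In PATCH 4/4, deleting "The Pillow team will respond by following the steps in [Managing privately reported security vulnerabilities]" leaves the GitHub channel with no statement of what the reporter can expect after submitting, while the Tidelift line still says "Tidelift will coordinate the fix and disclosure." Suggest keeping one sentence for the GitHub path that states who handles the report and how the reporter will hear back. Separately, patches 2/4 to 4/4 all carry the subject "Update .github/SECURITY.md" and PATCH 4/4 removes a line that PATCH 1/4 added, so squashing the series into one commit with a descriptive message would make the history easier to read.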