From 6ede62874b58aaad66db77287a52ee0bfebca7ff Mon Sep 17 00:00:00 2001
From: Andrew Murray <3112309+radarhere@users.noreply.github.com>
Date: Thu, 9 Apr 2026 19:01:17 +1000
Subject: [PATCH] Update README with revised security policy (#9553)

---
 README.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 04c9ae8ab..c6d09a821 100644
--- a/README.md
+++ b/README.md
@@ -106,4 +106,8 @@ The core image library is designed for fast access to data stored in a few basic
 
 ## Report a vulnerability
 
-To report a security vulnerability, please follow the procedure described in the [Tidelift security policy](https://tidelift.com/docs/security).
+To report sensitive vulnerability information, report it [privately on GitHub](https://github.com/python-pillow/Pillow/security/advisories/new).
+
+If you cannot use GitHub, use the [Tidelift security contact](https://tidelift.com/security). Tidelift will coordinate the fix and disclosure.
+
+DO NOT report sensitive vulnerability information in public.