Security

SECURITY.md

Reporting vulnerabilities

For the security vulnerabilities, please DON'T open issues in public. Instead, please report them to the mail address johnsjiang at tencent.com.

It is highly recommended that the reports are encrypted by the PGP public key, as shown as the below,

-----BEGIN PGP PUBLIC KEY BLOCK-----

mDMEYyk2IRYJKwYBBAHaRw8BAQdAViRaG71X7PJQP+AUf/D8l+kQ6e6az3e9RdoX
b/8kcvy0P0pvaG4gSmlhbmcgKEpvaG4gSmlhbmcncyB3b3JraW5nIG1haWwpIDxq
b2huc2ppYW5nQHRlbmNlbnQuY29tPoiUBBMWCgA8FiEEbeJu+uFKMgK12O23c98H
pz3L6mMFAmMpNiECGwMFCwkIBwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEHPf
B6c9y+pjv8kBAKcemNLgDIok8mF2XE7PG0wNS7zBxXKHFCAd1GvRnhoUAQC2eQF7
sk8eZghA8iX0CKYZv6wlL7/LtT8HSTzCkYHgALg4BGMpNiESCisGAQQBl1UBBQEB
B0C2pzM8kBHttj1xRLDcalxKJVbk9xurZYctnQjLgpzzbgMBCAeIeAQYFgoAIBYh
BG3ibvrhSjICtdjtt3PfB6c9y+pjBQJjKTYhAhsMAAoJEHPfB6c9y+pjy9oBALZJ
1kvYwMgMzjkThFsYaNbWpvovDcuRckpNEnaxPiU1AP9RU8UCHPxIY1dtTFkySoWg
o9MYV6zBTB5FONtVo9w/BA==
=zYuj
-----END PGP PUBLIC KEY BLOCK-----

There aren’t any published security advisories