We take security issues seriously. If you discover a security vulnerability in our project, please follow these steps for responsible disclosure:
- Do not create a public issue on GitHub or discuss the vulnerability publicly.
- Email the security team at [email protected] with the details of the vulnerability.
- Provide a clear and detailed description of the vulnerability, including steps to reproduce the issue or any proof-of-concept code.
- Allow the security team a reasonable amount of time to assess the vulnerability, develop a fix, and release a security update.
We will acknowledge receipt of your vulnerability report within 48 hours and provide an estimated timeframe for a fix. In the meantime, please refrain from sharing any information about the vulnerability with others.
If you follow these guidelines and responsibly disclose the vulnerability, we will credit you in the security update announcement.
Thank you for helping to keep our project and its users secure.