We take the security of our repository seriously and appreciate your efforts in responsibly disclosing vulnerabilities. We aim to address all reported security issues promptly.
If you believe you have found a security vulnerability in this repository, we encourage you to report it privately. Please DO NOT create a public issue on GitHub that contains details of the vulnerability.
-
Use GitHub's Built-in Vulnerability Reporting:
You can report vulnerabilities directly via GitHub's Security Advisory feature. This will keep the details confidential between the reporter and the repository maintainers. -
Provide Detailed Information:
When submitting a report, please include as much information as possible to help us understand the nature of the vulnerability. This includes:- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any relevant logs, screenshots, or proof-of-concept code
- Suggested fixes (if applicable)
-
Response Time:
We strive to respond to vulnerability reports within 72 hours and will provide a timeline for when you can expect a more detailed response or a fix. We greatly appreciate your patience as we work to resolve the issue. -
Disclosure and Remediation We ask that you wait until the vulnerability has been remediated and the fix has been implemented up to a reasonable point before disclosing it. Due to the nature of repositories with multiple versions, please be understanding that it can take a few months before users adopt the fix.
Thank you for helping us maintain the security of our project!