We take the security of our software products and services seriously. If you believe you have found a security vulnerability in this repository, we encourage you to report it to us through coordinated disclosure.
Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, please send an email to [email protected].
When reporting an issue, please include as much of the information listed below as possible to help us better understand and resolve the issue:
- Type of issue: (e.g., buffer overflow, SQL injection, cross-site scripting)
- Full paths of source file(s) related to the issue
- Location of the affected source code: (tag/branch/commit or direct URL)
- Special configuration: Any required to reproduce the issue
- Step-by-step instructions: To reproduce the issue
- Proof-of-concept or exploit code: (if possible)
- Impact of the issue: Including how an attacker might exploit the issue
This information will help us triage your report more quickly.
We will acknowledge receipt of your vulnerability report within 3 business days and will send you regular updates on our progress towards resolving the reported issue. We will also notify you when the issue is resolved.
We are committed to coordinating with you openly and collaboratively. We will not take legal action against those who report security vulnerabilities, provided they follow responsible disclosure practices.
Thank you for helping us keep our software secure.