Do not report security problems on public forums or in repository issues.

Privately report vulnerabilities to the maintainers listed at the end of this document. Include as many details as possible to reproduce the issue, including code samples or test cases. Check that your report does not expose any of your sensitive data, such as passwords, tokens, or other secrets.

You do not need to have a solution or fix. Depending on the issue, CPANSec may be notified. Depending on the issue, CPANSec may be notified.

You can also privately report issues to the CPAN Security Group (CPANSec) cpan-security@security.metacpan.org. This is especially important if you think a vulnerability is being actively exploited. CPANSec may report the issue to the relevant authorities. See Report a Security Issue.

The maintainers aim to respond to all reports within one day, but this may be affected by life and other things that happen to people who maintain open source code.

A new release will be provided as soon as possible.

• brian d foy, briandfoy@pobox.com