If you find a security vulnerability in this project, please report it as follows:
- Open an Issue: Create a new issue in the project's issue tracker with the details of the vulnerability.
- Required Information:
- Detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- Potential impact of the vulnerability.
- Any other relevant information.
Once the issue is created, we will provide further instructions on how to proceed with the communication.
We commit to responding to security vulnerability reports within the following timeframes:
- Acknowledgment of Receipt: 48 hours.
- Initial Assessment: 5 business days.
- Mitigation Plan: 10 business days.
We ask that you do not publicly disclose the vulnerability until we have had the opportunity to investigate and mitigate the issue. We commit to working with you to ensure that the vulnerability is resolved appropriately and promptly.
We appreciate security researchers and users who responsibly report vulnerabilities. We will publicly acknowledge those who contribute to improving the security of this project, unless they prefer to remain anonymous.