If you believe you've found a security vulnerability in this project, please follow these steps to report it to us:
-
Do Not create a public issue or pull request. Security vulnerabilities should be reported privately.
-
Email us at [email protected] with a detailed description of the vulnerability. Include any relevant information to help us understand and reproduce the issue. If possible, please include the following:
- A clear and concise summary of the vulnerability.
- The affected versions of the project.
- Steps to reproduce the vulnerability.
- Any potential mitigations or workarounds.
-
We will acknowledge your email within [7 business days] and provide an estimated timeline for when you can expect a resolution or a follow-up.
-
Once the issue is resolved, we will work with you to verify the fix and, if desired, give you credit for responsibly disclosing the vulnerability.
-
Please give us a reasonable amount of time to address the issue before disclosing it publicly.
-
We will prioritize and address security vulnerabilities with the highest severity first.
-
We appreciate responsible disclosure and will work with you to acknowledge your efforts if you follow the responsible disclosure process.
This project is currently supported and receives security updates for the following versions:
- [>=1.0.0]
If you want to report a non-security related issue, please use the project's issue tracker on GitHub.
For additional information or questions related to our security policies and procedures, you can contact us at [email protected].
Thank you for helping keep our project safe and secure!