We take the security of our products seriously.
If you believe you have found a security vulnerability in any of the used library's that meets our definition of a security vulnerability, please report it to us and we will try to resolve it asap.
Please do not report security vulnerabilities of any severity through public GitHub issues.
Instead, send an email to [email protected]. We will look into and respond to the email within 48 hours.
Please include the requested information listed below (as much as matches the case) to help us better understand the severity and diagnose the issue:
- Type of issue [e.g. buffer overflow, SQL injection, cross-site scripting, etc.]
- Paths of source file(s) related to the issue
- The location of the affected source code [e.g. tag/branch/commit/url/package ]
- (Special) configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker might exploit the issue
This information will help us triage your report quicker.
We prefer all communications to be in English.