We deeply appreciate any effort to discover and disclose security vulnerabilities responsibly.
If you would like to report a vulnerability in one of our products, please send us an e-mail at [email protected] but do not file a public issue.
We take all disclosures very seriously and will do our best to rapidly respond and verify the vulnerability before taking the necessary steps to fix it. After our initial reply to your disclosure, which should be directly after receiving it, we will periodically update you with the status of the fix.