Thank you for taking time reading the following information carefully. Your contribution is highly welcomed!
Only the latest stable release is supported with security updates.
I highly encourage you to follow the principles of a responsible disclosure:
- Do not publish your research before contacting me first.
- Write me an e-mail
- Sign and encrypt your e-mail with OpenPGP/GnuPG.
- Do not open a public issue until my confirmation.
- If the vulnerability is accepted please give me at least 4 weeks to release proper security updates.
- After the security updates are released feel free to publish your research. A CVE is highly appreciated.
Note: This is a private side-project, maintained in my spare time. Therefore, I can't promise to answer you within three days but I try to respond within 3-5 days.
Thank you.