Please contact us directly at [email protected] for any bug that might impact the security of this project.
Please prefix the subject of your email with [security]
in lowercase and square brackets.
You will receive an acknowledgement of your report within 24 hours.
If you do not receieve an achnowledgement withit the said time frame please give us the benefit of the doubt as it's possible that we haven't seen it yet. In this case please send us a message without details using one of the following methods:
- Contact the lead developers of this project on their personal e-mails.
You can find the e-mails in the git logs, for example using the following command:
git --no-pager show -s --format='%an <%ae>' <gitsha>
where<gitsha>
is the SHA1 of their latest commit in the project. - Create a GitHub issue stating contact details and the severity of the issue.
Once we have acknowledged receipt of your report and confirmed the bug ourself we will draft a new Security Advisor on github, work with you to fix the vulnerability and publicly acknowledge your responsible disclosure, if you wish.