This policy is designed to improve the reporting of vulnerabilities.

This policy applies to all code in this repository

At this time, no "Bug Bounties" are rewarded. But, if you wish, you'll get a mention by me (@hyperupcall) on Twitter!

Guidelines for finding vulnerabilities are the same as Gradle's

Do not report issues through public GitHub issues

Rather, send an email to edwin [at] kofler [dot] dev. If I don't reply, get my attention on Twitter (@hyperupcall)

Please be as descriptive as reasonably possible.

We prefer all communications to be in English.