Security updates are only applied to the latest published version.
Please do not disclose security vulnerabilities in public issues, disclosures, or pull requests.
Instead, please send an email to [email protected].
Please include as much of the following information as possible, as it will help us to fix the issue:
- Issue type (for example cross-site scripting or SQL injection)
- Affected versions
- Location of the affected source code
- Detailed instructions for reproducing the issue step by step
- Proof-of-concept or exploit code (if available)
- The potential impact of the issue, outlining how an attacker could exploit it
We will do our best to reply to you within a week.
If you have feedback or suggestions on how this policy can be improved, please submit a pull request or create a feature request explaining what could be improved.