If you discover a security vulnerability in this project, please report it to us by sending an email to [email protected]. We will do our best to promptly address the issue.
We value the work of the security community and encourage responsible disclosure of vulnerabilities. If you are unsure if a behavior is a security vulnerability, please send an email to [email protected] explaining the suspected issue. We will work with you to determine if the behavior is a security vulnerability and will provide guidance on how to proceed.
We will do our best to follow the following timeline when addressing reported vulnerabilities:
- Within 1 business day of receiving the report, we will send an acknowledgement email to the reporter acknowledging receipt of the report.
- Within 2 business days of receiving the report, we will determine the severity of the report and assign a priority level to the report.
- Within 1 week of receiving the report, we will either:
- Issue a patch and send a notification email to the reporter indicating that the vulnerability has been fixed.
- Provide a detailed response to the reporter explaining why the behavior does not qualify as a vulnerability.
We would like to thank the following individuals for responsibly disclosing vulnerabilities:
For any questions or concerns about our security policy, please contact us at [email protected].