Although we do our best to keep {{project_name}} secure. Vulnerabilities can happen. If you think you found a vulnerability, we appreciate your efforts to responsibly disclose your findings.
Report security bugs by emailing us at {{security_email}} (remove the -noreply part) and all other bugs on our issues page.
If you are not sure, don’t worry. Better safe than sorry – just send an email. Do not open issues related to any security concerns publicly.
When reporting an issue, include as much information as possible. Just tell us what you found, how to reproduce it, and any concerns you have about it. We will respond as soon as possible and follow up with any missing information.
We will acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report. After the initial reply to your report, we will endeavor to keep you informed of the progress towards a fix, and may ask for additional information or guidance.
We take all security bugs seriously. Thank you for helping us improve the security of this project, we will make every effort to acknowledge your contributions.
Please report security bugs in third-party modules to the person or team maintaining the module.
When we receive a security bug report, we will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
- Confirm the problem and determine the affected releases.
- Audit code to find any potential similar problems.
- Prepare fixes for all affected releases still under maintenance.
- Review and release these fixes as fast as possible.
If you have suggestions on how this process could be improved please submit a pull request.