If you believe you have found a security vulnerability, we would appreciate a private report so that we can work on and release a fix before public disclosure. Any vulnerabilities reported to us will be disclosed publicly either when a new version with fixes is released or 90 days has passed, whichever comes first.
To report vulnerabilities to us privately, either:
-
Report the vulnerability through GitHub.
-
E-mail
[email protected]
. If you want to encrypt your e-mail, you can use our GPG key0x92AFE41DAB49BBB6
available on keyserver.ubuntu.com:gpg --keyserver keyserver.ubuntu.com --recv-key 0x92AFE41DAB49BBB6