If you discover a security vulnerability in our project, please report it to us as follows:
- Email: [email protected]
- Issue Tracker: GitHub Issues (for non-sensitive information only)
Please include as much detail as possible in your report, including:
- The type of issue
- Steps to reproduce the issue
- The potential impact of the vulnerability
- Any possible fixes you might have in mind
- Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
- Initial Response: Within 72 hours, we will provide an initial assessment of the vulnerability and outline the next steps.
- Updates: We will provide updates on the status of your report at least every 7 days.
- Resolution: We aim to resolve confirmed vulnerabilities within 30 days. If this is not possible, we will provide an updated timeline.
- Accepted Reports: If we accept the vulnerability report, we will work with you to ensure a fix is developed and implemented. We will coordinate a public disclosure with you once the issue is resolved.
- Declined Reports: If we decline the report, we will provide you with a detailed explanation of why we believe it is not a security issue.
We believe in responsible disclosure. We will work with security researchers to ensure vulnerabilities are patched before public disclosure. Details of the vulnerability will be disclosed after a fix has been released, or after we have determined that the issue is not a security risk.
To stay informed about security updates, please:
- Subscribe to our security mailing list
To help ensure the security of your deployments:
- Always use the latest version of our software.
- Regularly update requirements to their latest secure versions.
Thank you for helping to keep our project secure!