If you discover a security vulnerability in our project, please report it to us as follows:

• Email: [email protected]
• Issue Tracker: GitHub Issues (for non-sensitive information only)

Please include as much detail as possible in your report, including:

• The type of issue
• Steps to reproduce the issue
• The potential impact of the vulnerability
• Any possible fixes you might have in mind

• Acknowledgment: We will acknowledge receipt of your vulnerability report within 48 hours.
• Initial Response: Within 72 hours, we will provide an initial assessment of the vulnerability and outline the next steps.
• Updates: We will provide updates on the status of your report at least every 7 days.
• Resolution: We aim to resolve confirmed vulnerabilities within 30 days. If this is not possible, we will provide an updated timeline.

• Accepted Reports: If we accept the vulnerability report, we will work with you to ensure a fix is developed and implemented. We will coordinate a public disclosure with you once the issue is resolved.
• Declined Reports: If we decline the report, we will provide you with a detailed explanation of why we believe it is not a security issue.

We believe in responsible disclosure. We will work with security researchers to ensure vulnerabilities are patched before public disclosure. Details of the vulnerability will be disclosed after a fix has been released, or after we have determined that the issue is not a security risk.

To stay informed about security updates, please:

• Subscribe to our security mailing list

To help ensure the security of your deployments:

• Always use the latest version of our software.
• Regularly update requirements to their latest secure versions.

Thank you for helping to keep our project secure!