If you discover a potential security vulnerability in this project, please message me with a detailed description of the vulnerability and any steps required to reproduce it. We ask that you do not discuss or disclose the vulnerability publicly until we have had a chance to address it.
We take all reports of security vulnerabilities seriously and will work with you to verify and address any reported vulnerabilities as quickly as possible. If you do not receive a response within 48 hours, please follow up with a reminder email.
Once a security vulnerability has been confirmed, we will work to develop and test a fix for the issue. We will communicate with the reporter to confirm the timeline for the release of the fix, and will coordinate with the reporter on any public disclosure of the vulnerability.
In general, we aim to release security fixes as quickly as possible, but our response time may vary depending on the complexity of the vulnerability and the resources available to address it.
If you have any questions or concerns about this security policy, please contact us.