Do not report security vulnerabilities through public GitHub issues.
Instead, you can report them using our security page. Alternatively, you can also send them by email to [email protected].
Include as much of the following information as you can:
- Type of issue (e.g., buffer overflow, privilege escalation, etc.).
- The location of the affected source code (tag/branch/commit or direct URL).
- Any special configuration required to reproduce the issue.
- Step-by-step instructions to reproduce the issue.
- Impact of the issue, including how an attacker might exploit the issue.
We prefer to receive reports in English. If necessary, we also understand German and Dutch.
We adhere to the principle of Coordinated Vulnerability Disclosure.
Security advisories will be published on GitHub and possibly through other channels.