We take security vulnerabilities in our project seriously. If you discover a security issue, please report it by sending an email to [email protected]. Please do not create GitHub issues for security vulnerabilities.
Include the following details in your email:
- Description of the vulnerability
- Steps to reproduce or proof of concept (if possible)
- Versions affected
Once the report is received, we will:
- Confirm the vulnerability and its impact
- Acknowledge receipt of your report
- Work on a fix and coordinate a release date (if necessary)
- Provide credit to the reporter (if desired)
We encourage responsible disclosure of security vulnerabilities. This means:
- Providing reasonable time for us to address the issue before disclosing it publicly
- Avoiding automated scans and testing methods that could harm the stability or security of our services
We commit to:
- Responding promptly to your report
- Keeping you informed of our progress
- Notifying you when the vulnerability is fixed
Thank you for helping to keep our project safe and secure for everyone.
This security policy template is adapted from the Open Source Security Foundation and GitHub's Security Policy.