Skip to content

Latest commit

 

History

History
33 lines (23 loc) · 1.31 KB

SECURITY.md

File metadata and controls

33 lines (23 loc) · 1.31 KB

Security Policy

Reporting a Vulnerability

If you believe you have found a legitimate security vulnerability, please report it.

There is no bounty program, and there are no payments for discovering/reporting security vulnerabilities, but we all benefit from software that is more secure. Happy to provide public thanks once the issue has been resolved.

What I need is:

  • An explanation of the bug.
  • A minimum viable reproduction case which triggers the issue.
  • What you expected to happen.
  • What actually happened.
  • [OPTIONAL] A suggested patch attached as a .diff file, if you have one.

I don't check my email every day, and I get LOTS of email. It may take me up to a week to discover your message. I will respond as soon as I see your message and confirm that I can reproduce the issue.

Thank you for participating in the responsible disclosure of security vulnerabilities.