Security: thomsonreuters/secrets-finder

SECURITY.md

Security Policy

Our Commitment to Security

We take the security of our software products and services seriously, including all source code repositories managed through our project. We understand the importance of protecting our community and strive to make our project safe for everyone.

Reporting Security Vulnerabilities

Please do not report security vulnerabilities through public GitHub issues.

If you believe you have found a security vulnerability in our project, we encourage you to report it to us as soon as possible. We welcome reports from everyone, including security researchers, industry professionals, and users. Please send your report to [email protected], ensuring you include as much information as possible to help us understand the nature and scope of the vulnerability. This information should include:

  • Type of issue (e.g., command injection, SSRF, SQL injection, cross-site scripting)
  • Full paths of source file(s) related to the manifestation of the issue
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Any special configuration required to reproduce the issue
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

Your report will be acknowledged as soon as possible, and you’ll receive a more detailed response after our analysis. We take all reports seriously and will investigate all reported vulnerabilities.

Security in Depth and Hardening

We are committed to the principle of security in depth. We aim to implement multiple layers of security controls throughout our project to protect it even if one measure fails. We encourage contributions that focus on security hardening, such as improvements in encryption, secure coding practices, dependency updates, and configuration changes that enhance security.

If you have suggestions or contributions that can help improve our project's security posture, please feel free to open an issue or submit a pull request directly. We value direct contributions and ideas related to security hardening and are eager to collaborate with the community to make our project more secure.

Policy

We follow the principle of Coordinated Vulnerability Disclosure to ensure that security issues are addressed quickly and effectively. We are committed to working with security researchers and users to verify, reproduce, and respond to legitimate reported vulnerabilities.

We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.

Thank you for helping us keep our project and the wider community safe.
