We attach great importance to the security of our users, but we are humans and not infallible. That's why we rely on you, the open source contributors, to inform us about actual and possible security vulnerabilities. Please follow the guideline below to get in touch with us, even if you're not sure, if your issue is regarding security.
Please do not open public GitHub issues for security vulnerabilities.
To report a vulnerability, use the GitHub Security advisory workflow:
- Go to the repository's "Security" tab.
- Click "Report a vulnerability" to open the private advisory form.
- Provide details and steps to reproduce (if available), impact, and any suggested fixes.
Reports submitted via the advisory form are private and only visible to the maintainers. We aim to acknowledge new reports within two business days and will work with you to validate and remediate the issue as quickly as possible.
Thank you for helping keep this project secure.