I'm always on the lookout for security vulnerabilities in our project. If you've found something that looks like a security issue, I'd really appreciate it if you let me know.
If you have discovered a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner.
We request you to report it by creating a Private Security Advisory on GitHub. To create a Private Security Advisory:
- Navigate to the main page of the repository
- Under your repository name, click Security
- Click the Report a vulnerability button
For a more detailed step-by-step guide, please follow the instructions in the GitHub Docs.
When reporting a vulnerability, please provide as much information as you can about the issue so that we can handle it appropriately. This can include steps to reproduce, the impact of the issue, and anything else you believe is relevant.
After you have reported the issue, we will respond as quickly as we can to acknowledge your report and we will strive to keep you informed about the progress of resolving the issue.
Please do not disclose the issue publicly until we've had a chance to address it.
We value your effort in making our project more secure, and we thank you in advance for your assistance. We also want to assure you that we will give credit where it's due and will acknowledge your discovery when we make a public announcement of the security issue (unless you wish to remain anonymous).
If you have any questions about our Security Policy, feel free to get in touch by creating an issue in our repository. Thank you for helping us make the software safer and more reliable for everyone.