Users and security researchers are free to search for vulnerabilities in this project, provided that exploitation of vulnerabilities to compromise real users is PROHIBITED.

Please DO NOT report security vulnerabilities through public GitHub issues!

Use the "Report a security vulnerability" feature on "Issues" page or send email to piotr.kniaz@ya.ru.

Please include the requested information listed below (as much as you can provide) to help better understand the nature and scope of the possible issue:

• Type of vulnerability (e.g. side-channel attack, brute-force attack, compromising of passphrases or other user data, etc.);
• Full paths of source file(s) related to the manifestation of the vulnerability;
• The location of the affected source code (branch/commit or direct URL);
• Any special configuration required to reproduce the vulnerability;
• Step-by-step instructions to reproduce the vulnerability;
• Proof-of-concept or exploit code (if possible);
• Impact of the vulnerability, including how an attacker might exploit the vulnerability.

After the vulnerability is fixed, information about it will be published.