DISCLAIMER!
- This is an opensource project. Best effort will be made to support its security and resiliency but as per license, no warranty.
When applicable, Security Advisories will be created inside GitHub following Creating a repository security advisory.
Please use one of below process to report a vulnerability to the project:
- GitHub issue "Report a security issue":
- GitHub Private vulnerability reporting
- Bug Bounty
If issue is critical and not public, please use the web form. You can use First.org Common Vulnerability Scoring System Version 3.0 Calculator to score vulnerability.
Do not forget to tell us if and how you want to be acknowledged.
This project follows an immediate (public issue) or 30-days (private) disclosure timeline.
This project won't request CVE(s).
This project is not part of any Bug Bounty program.
Only latest release or tag is supported along HEAD for main branch.
We prefer all communications to be in English.