Thanks for caring about security! We take reports seriously — here’s how to responsibly disclose issues.
-
If you discover a security issue, do not create a public issue. Instead, email the maintainer:
Include:
- A concise description of the issue
- Steps to reproduce or a PoC (if safe to share)
- Any impact analysis (data exposure, escalation, etc.)
-
We will respond within a few business days to acknowledge receipt and provide next steps.
- We’ll investigate and, if necessary, privately coordinate a fix and release before public disclosure.
- If the issue is severe, we may need additional details (logs, environment information) to reproduce.
- Avoid public disclosure of sensitive PoC details until a fix is available.
- Do not exploit any bug you find for personal gain.
Thanks — your help keeps this project safe and healthy!