The security of this project is taken seriously. We appreciate the efforts of security researchers and the community to help keep our project safe. If you discover a security vulnerability, we encourage you to report it to us privately.
Please DO NOT report security vulnerabilities through public GitHub issues.
Instead, please send an email to security@example.com (replace with a real, private email address).
We will make every effort to respond to your report promptly. Please include the following information in your report:
- A clear and descriptive title.
- A detailed description of the vulnerability.
- Steps to reproduce the vulnerability.
- The potential impact of the vulnerability.
- Any proof-of-concept code, screenshots, or logs that can help us understand the issue.
If you report a security vulnerability, we commit to:
- Acknowledging receipt of your report in a timely manner.
- Providing you with an estimated timeline for addressing the vulnerability.
- Notifying you when the vulnerability has been fixed.
- Giving you credit for your discovery, if you wish.
We kindly ask that you do not disclose the vulnerability publicly until we have had a chance to address it.
This security policy applies to the latest version of the code in the main branch of this repository.
We consider security research and responsible disclosure to be a valuable and beneficial activity. We will not take legal action against you for disclosing a vulnerability, as long as you act in good faith and follow this policy.
Thank you for helping to keep our project secure.