If you discover a security issue in this project, please follow the guidelines below.
Do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities by emailing the project's security team. The team will investigate and respond as soon as possible.
Please include the following information in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact of the vulnerability
- Any suggested fixes or mitigations (if available)

Once a report is received, the process is as follows:
- Acknowledgment: We will acknowledge receipt of your report within 48 hours
- Assessment: We will assess the vulnerability and determine the severity
- Resolution: We will work on a fix and coordinate the disclosure
- Credit: We will credit you for the discovery (unless you prefer to remain anonymous)
Only the latest release receives security patches. Users are encouraged to upgrade to the latest version to receive security fixes.

Recommended security practices:
- Keep all dependencies up to date
- Enable two-factor authentication on your GitHub account
- Follow the principle of least privilege when granting access
- Review code changes carefully before merging