If you discover a security issue, please report it privately and promptly.
Preferred reporting options:
- Submitting a GitHub Security Advisory if this repository has that feature enabled
- Opening a private issue with the label
security
Do not include security-sensitive details in a public issue.
When reporting an issue, please provide:
- A clear description of the vulnerability
- Steps to reproduce the issue
- The affected versions of the software
- Any proof-of-concept or exploit details necessary for reproduction
- We will acknowledge your report as soon as possible.
- We will respond with next steps and keep you informed until the issue is resolved.
- Once a fix is available, we will publish a disclosure and recommend an upgrade path.
This policy applies to the current version of the repository. If older versions are supported, that will be documented separately.
Our goal is to resolve security issues responsibly and transparently. If you need additional contact information, please use the repository�s maintainer channels.