This document provides guidelines on how to report security vulnerabilities in the project.
If you discover a security vulnerability, please follow the guidelines below to report it securely and responsibly:
- Do not open public issues: Please do not submit public issues or pull requests containing details of the vulnerability. This could allow others to exploit the issue before it's fixed.
- Contact: Send an email to [email protected] or open a private ticket in the repository to report the issue. Please provide as many details as possible, including:
  - Description of the vulnerability
  - Steps to reproduce it
  - Potential impact
  - Any code or examples of how the vulnerability can be exploited
- Acknowledgment: All security reports will be handled with the utmost seriousness, and you will be publicly credited if the issue is resolved.
When we receive a security report, we follow this process:
- We confirm receipt of the report within 48 hours.
- We analyze and prioritize the vulnerability.
- We work on fixing the issue promptly.
- We inform the reporter when a fix is ready.
Thank you for helping keep this project secure!