Last-update: 2023-08-24
If you encounter a potential security vulnerability in this project, please report it via email to [email protected] and CC [email protected]. We will work with you to verify the vulnerability and patch it.
When reporting security issues, please provide the following information:
- Component(s) affected
- A description indicating how to reproduce the issue
- A summary of the security vulnerability and impact
We request that you contact us via the email address above and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect the project's users, and provides them with a chance to upgrade and/or update in order to protect their applications.
If a reported security vulnerability is verified by us, our policy is to:
- Patch the current release branch
- A security advisory will be released on the project GitHub detailing the vulnerability, as well as recommendations to mitigate the vulnerability.