There are three channels for reporting security vulnerabilities:
- Actively exploited vulverabilities should be reported by Discord DM to '@mrogalski.eu'.
- Vulnerabilities that could lead to remote code execution (stack overflows, data races) should be reported through an email to "Marek Rogalski [email protected]".
- All other vulnerabilities (DoS, crashes) should be reported through GitHub issues.
Project is not staffed so expect response latency up to 24 hours for issues reported through Discord and up to 1 week for issues reported through email & GitHub.
In all cases a fix is always welcome.
It's good to avoid disseminating details of vulnerabilities for some time after they're fixed because it gives time for regular users to safely update. Black hats may be watching!