Please do not report security vulnerabilities through public GitHub Issues. We use GitHub's Private Vulnerability Reporting system to keep our users safe while we develop a fix. To report a vulnerability:
- On the main page of this repository, click Security.
- On the left sidebar, under "Reporting", click Advisories.
- Click Report a vulnerability.
- Fill out the details (description, steps to reproduce, and potential impact).
We will review your report and get back to you through the private advisory thread as soon as possible.
- Responsible Disclosure: We aim to acknowledge all reports within 48 hours.
- Credit: We are happy to credit researchers for their discoveries in our release notes (unless you prefer to stay anonymous).
- Safe Harbor: We will not pursue legal action against anyone who acts in good faith and follows this policy.