SECURITY.md

Security Policy

Reporting a Vulnerability

Your assistance in identifying vulnerabilities in our project is greatly appreciated. We take all disclosures seriously.

If you discover a vulnerability, please do the following:

  1. DO NOT open an issue. We prefer to keep vulnerability reports private.
  2. Email us directly at [email protected] with as many details as possible about the vulnerability.

Your report should include:

  • A description of the vulnerability
  • Steps to reproduce the issue, if possible
  • Potential impact of the vulnerability
  • Any potential solutions or mitigations you can think of

We'll acknowledge your email within 48 hours, and will send a more detailed response within 48 hours indicating the next steps in handling your report.

After the initial reply to your report, we'll endeavor to keep you informed about our progress towards closing the issue and may ask for additional information or guidance.

Disclosure Policy

Once we have a fix, we will publish a security advisory in the GitHub repository that details the issue and the steps users should take to mitigate it. Public disclosure will only occur after the fix has been implemented and tested.

This will generally be within 14 days, but the exact timeline will depend on the severity and complexity of the issue. You will be kept informed of all dates and details.

Comments on this Policy

If you have suggestions on how this process could be improved, please submit a pull request.