We take security seriously. We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contributions.
To report a security vulnerability, please email us at [email protected]. Please do not create public GitHub issues for security vulnerabilities.
We will acknowledge receipt of your vulnerability report within 24 hours and will strive to provide regular updates about our progress in addressing the vulnerability.
Please provide the following information when reporting a security vulnerability:
- Description of the vulnerability
- Steps to reproduce the vulnerability
- Versions affected
- Any additional information that might be useful
We will acknowledge receipt of your vulnerability report within 24 hours, excluding weekends and holidays. We will then work diligently to assess and address the vulnerability promptly.
We prioritize the handling of security vulnerabilities and strive to provide updates and fixes promptly.
We request that you only disclose the details of the vulnerability or related correspondence once we have had an opportunity to address the issue. Once the vulnerability has been resolved, we will coordinate with you on an appropriate timeline for public disclosure.
This security policy applies to vulnerabilities in this project. If you discover a vulnerability in a dependency, please report it directly to the maintainer of that project.
We do not currently offer a bug bounty program, but we sincerely appreciate and acknowledge the contributions of security researchers who responsibly disclose vulnerabilities to us.
Thank you for helping to keep this project secure!