Do not report security vulnerabilities through public GitHub issues. Instead, you can report security vulnerabilities using our security page. Please include as much of the following information as possible:
- Type of issue (e.g. buffer overflow, privilege escalation, etc.)
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- If applicable, which platforms are affected
- Step-by-step instructions to reproduce the issue
- Impact of the issue, including how an attacker might exploit the issue
We prefer to receive reports in English. If necessary, we also understand Dutch and Frisian.
We adhere to the principle of coordinated vulnerability disclosure.
Security advisories will be published on our github advisories page and possibly through other channels.