If you discover a security vulnerability in this project, please follow the steps below to report it:
- Do not open a public issue: Please do not report security vulnerabilities in public issues. This helps prevent the vulnerability from being exploited before it can be addressed.
- Contact us directly: Send an email to our security team at [email protected] with the following details:
  - A description of the vulnerability
  - Steps to reproduce the vulnerability
  - Any potential impact or severity of the vulnerability
  - Any additional information that may help us understand and address the issue
- Provide a proof of concept: If possible, include a proof of concept (PoC) demonstrating the vulnerability. This helps us verify and understand the issue more quickly.
- Coordinate disclosure: We will work with you to understand the issue and develop a fix. We may ask you to keep the details of the vulnerability confidential until we have released a patch.

We take security vulnerabilities seriously and will respond to your report as quickly as possible. Our typical response time is within 48 hours. We will keep you informed of our progress and may reach out for additional information if needed.
We appreciate your efforts to responsibly disclose security vulnerabilities. If you report a valid vulnerability, we will acknowledge your contribution in our release notes and may offer a token of appreciation.
To help ensure the security of this project, we follow these best practices:
- Regularly update dependencies to address known vulnerabilities
- Conduct code reviews to identify and address potential security issues
- Implement input validation and sanitization to prevent common attacks such as SQL injection and cross-site scripting (XSS)
- Use secure coding practices and follow industry standards for security
Thank you for helping us keep this project secure.