If you discover a vulnerability, do not submit an issue or pull request. Report the vulnerability by sending an email to [email protected] with the following information:
- A detailed description of the vulnerability
- Steps needed to reproduce the vulnerability
- Any potential impacts of the vulnerability
- Any suggestions to fix the vulnerability
While we cannot provide a bug bounty, you will receive a response confirming the vulnerability and the steps we will take to resolve or mitigate it.
Depending on the severity of the vulnerability, we will notify users immediately or when a patch to resolve or mitigate it is released. Once resolved or mitigated, we will disclose the vulnerability publicly and credit the reporter.