If you discover a security vulnerability, please report it responsibly opening a private security report via GitHub's security advisories.
We will respond to reports as quickly as possible. Do not include proof-of-concept exploit code in a public issue.
- Acknowledge receipt within 48 hours
- Provide an initial assessment within 7 days
- Work with the reporter to coordinate disclosure once a fix is available