If you discover any security issues or vulnerabilities, please report them to us privately. Do not create a public issue.
How to report a security vulnerability:
- Contact: Please use the GitHub mechanism for privately reporting a vulnerability.
  - Under this repository's security tab...
  - ...in the left sidebar...
  - ...under "Reporting"...
  - ...click "Advisories"
  - Click the "New draft security advisory" button to open the advisory form.
- Response Time: We will acknowledge your report within 24 hours and provide an initial assessment within 48 hours.
- Fixes: Once the issue is confirmed, we will work to issue a fix as soon as possible and will keep you informed of our progress.
We commit to working with security researchers and the community to verify and address any potential vulnerabilities. We ask that the following guidelines be followed to ensure an effective resolution:
- Non-Disclosure: Do not disclose the vulnerability publicly until we have had a reasonable chance to fix it. We will inform you when the issue is resolved.
- Cooperation: We may need additional information from you to effectively address the issue. Please cooperate with us during this process.
Thank you for helping us keep our project secure!
We gladly welcome patches to fix such vulnerabilities! See CONTRIBUTING.md for information about contributions.