The repository management team takes security issues very seriously. We appreciate your efforts to responsibly disclose any security vulnerabilities you find.

If you discover a security vulnerability, please send an email to [email protected]. Please do not create a public issue for the vulnerability.

Your email should include the following information:

• A description of the vulnerability
• Steps to reproduce the vulnerability
• Possible impact of the vulnerability
• Any suggested mitigation or remediation steps

We will respond to your email as soon as possible and work with you to address any security issues.

At this time, we do not offer a bug bounty program.

Maintainers are responsible for the security of the project. This includes:

• Responding to security reports in a timely manner
• Investigating reported vulnerabilities
• Developing and releasing patches for confirmed vulnerabilities
• Communicating with the reporting party as the issue is addressed

• We will acknowledge receipt of your report within one of our business days as soon as possible.
• We will confirm the vulnerability and determine its impact.
• We will release a fix as soon as possible, depending on the complexity of the issue.
• We will communicate the vulnerability and any patches or workarounds to our users.

Thank you for your help in making this repository a more secure place.