We take the security of our repository seriously. If you discover a security vulnerability, we appreciate your help in disclosing it to us in a responsible manner. Please do not report security vulnerabilities using public GitHub issues.
To report a vulnerability, please use the GitHub Private Vulnerability Reporting feature. This feature ensures that your report is only visible to the repository maintainers and GitHub's security team.
- Report the vulnerability here
- Fill in the details of the vulnerability. Please provide as much information as possible to help us understand and resolve the issue promptly.
- Submit the report.
Once we receive your report, we will:
- Acknowledge the receipt of your vulnerability report within 48 hours.
- Communicate with you to confirm the vulnerability and gather any necessary information.
- Take the necessary steps to resolve the issue as quickly as possible, and inform you when the issue has been fixed.
Please submit your vulnerability reports in English.
We are committed to resolving security issues promptly and will make every effort to address them in a timely manner. However, the time frame for fixes may vary depending on the complexity and severity of the issue.
The security policy applies to the code in this repository and any of its dependencies or related services. Please do not report vulnerabilities related to third-party services or libraries unless they are directly included in our repository.
Thank you for helping to keep our project secure!