Welcome! If you'd like to report a security vulnerability, please email me at [email protected] or report it privately through a security advisory on GitHub.
Important
Please do not file issues in the public issue tracker to report potential security vulnerabilities. Doing so is discouraged until a fix is available, and puts users at risk.
Upon receiving a report of a potential vulnerability, I will respond as soon as possible. If it is found to be a legitimate and valid concern, i.e., it affects the project as a whole (whether through the software supply chain, insecure code, or otherwise), I will coordinate the release of a fix and advisory with you.
Should any security issue be reported, it will be documented here in the interest of fairness and transparency, and a security advisory will be posted.
Suggestions and feedback on this approach are welcome. If you have any suggestions or need support, please feel free to open an issue.