If you discover a security vulnerability in this project, we appreciate your help in disclosing it to us responsibly. Please follow these steps for reporting a vulnerability:
-
Do not report the vulnerability publicly. Sharing details about the vulnerability in public forums, such as GitHub issues or mailing lists, can put other users at risk.
-
Send a report. Contact the maintainers of this project via email at
github@erbsland.dev
. In your report, please provide as much information as possible about the vulnerability, including steps to reproduce it, potential impact, and any suggestions you have for mitigating or resolving the issue. -
Wait for a response. The maintainers will acknowledge receipt of your report within 48 hours and provide you with a timeframe for addressing the issue. Please do not disclose the vulnerability to others while the maintainers are working to resolve it.
Once a vulnerability has been reported, the maintainers will take the following steps:
-
Verify the vulnerability. The maintainers will investigate the reported vulnerability and determine its validity and severity.
-
Develop a fix. If the vulnerability is valid, the maintainers will work on a patch or update to resolve the issue as quickly as possible.
-
Release the fix. Once a fix is ready, the maintainers will release it, along with a security advisory that explains the issue and provides instructions for updating to the patched version.
-
Communicate the resolution. The maintainers will notify the reporter that the vulnerability has been resolved, and may also publicly acknowledge the reporter's responsible disclosure, if desired.
We strive to follow security best practices throughout the development process, including regular dependency updates, code reviews, and testing. If you have suggestions for improving the security of this project, please feel free contacting the maintainers directly.