If you have discovered a potential security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
Please disclose it at our security advisory.
This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed on a best-effort basis.
We will work with you to verify the vulnerability and fix it.
If we verify a reported security vulnerability, our policy is:
- We will try to fix this on the current development branch.
- After the fix, we will immediately make a new snapshot release available.
- Depending on the vulnerability, we will publish a new release.
A security advisory will be released on the project website detailing the vulnerability, as well as recommendations for end-users to protect themselves.