DO NOT create a public GitHub issue if you discover a security vulnerability. Instead, please follow the steps outlined below to report it responsibly.
- Email: Send an email to [email protected] with a detailed description of the vulnerability. Please do not include sensitive information in the initial email.
- Response: We will acknowledge your email within 48 hours, detailing the next steps in the disclosure process.
- Investigation: Our security team will investigate and validate the reported issue. We may ask for additional information or clarifications during this process.
- Resolution: Once the issue is confirmed, we will work to address and resolve it. We prioritize the severity of the issue and aim to provide a fix as soon as possible.
- Disclosure: We will coordinate with you regarding the disclosure of the vulnerability, ensuring it is responsibly disclosed to the public.

- Provide as much detail as possible in your initial report, including the nature of the vulnerability, affected components, and potential impact.
- Do not exploit or further investigate the vulnerability without explicit permission from us.
- Respect our users' privacy and data. Do not access, modify, or delete data that does not belong to you.
- Follow responsible disclosure principles. We appreciate your assistance in keeping our users and systems safe.
Describe the security measures you have implemented or recommend for your users, such as using strong passwords, enabling multi-factor authentication (MFA), or regular software updates.
Mention any specific policies or guidelines you have for responsible disclosure of security vulnerabilities.
Include any additional resources or links to relevant documentation related to security practices, such as security guidelines, best practices, or security-related FAQs.