This document outlines the security policy for this repository and provides guidance on how to report security vulnerabilities.
If you discover a security vulnerability, please report it by sending an email to [email protected]. Please include the following details in your report:
- A brief description of the vulnerability
- Steps to reproduce the vulnerability
- Potential impact of the vulnerability
- Any additional information that may be helpful in addressing the vulnerability
This security policy applies to all aspects of this repository, including but not limited to:
- Source code
- Documentation
- Issues
- Pull requests
- Dependencies
- Infrastructure
Upon receiving a security vulnerability report, we will strive to respond in a timely manner and keep the reporter informed of our progress towards a resolution.
We will investigate the vulnerability and determine its severity and impact. Depending on the severity of the vulnerability, we will take appropriate action to address it, which may include:
- Developing a fix and releasing a patch
- Disabling the affected functionality
- Providing mitigations or workarounds
- Communicating with users about the vulnerability
We will disclose security vulnerabilities and our response to them in a responsible and timely manner, in accordance with industry best practices. We may include security advisories in our release notes or on our website, and we may also notify affected users directly if necessary.
We appreciate the efforts of security researchers and others who help us maintain the security of this repository. We will acknowledge security vulnerability reports and credit reporters as appropriate, unless anonymity is requested.
There is no bounty reward.