If you discover a security vulnerability in this project, please report it responsibly using GitHub's private vulnerability reporting rather than opening a public issue.
This allows the details to remain private until a fix is in place.
To help investigate the issue, please provide as much of the following as possible:
- A description of the vulnerability and its potential impact.
- Steps to reproduce the issue.
- Any relevant code, configuration, or environment details.
This is a solo project maintained in spare time. I will endeavour to:
- Acknowledge your report as soon as reasonably possible.
- Keep you informed of progress towards a fix.
- Credit you in any disclosure (unless you prefer to remain anonymous).
There are no guaranteed SLAs, but all legitimate reports will be taken seriously and handled with care.
- Vulnerabilities in third-party dependencies (please report those upstream).
- Issues only reproducible in unsupported or unofficial builds.