At our GitHub project, we take security seriously and strive to maintain the highest level of security for our users. We encourage all members of our community to report any security-related bugs they discover to us as soon as possible. In order to ensure that these reports are handled in a secure and efficient manner, we have established the following policy:
-
Reporting Security-Related Bugs: If you believe that you have discovered a security-related bug in our project, please report it to us immediately by sending an email to [email protected]. Please do not open a GitHub issue for security-related bugs, as this may put our users at risk.
-
Providing Details: When reporting a security-related bug, please provide as much detail as possible, including a detailed description of the issue, steps to reproduce the problem, and any relevant code or screenshots. This will help us to quickly identify and address the issue.
-
Confidentiality: We take the confidentiality of security-related bug reports very seriously. We will keep all information related to the bug confidential and will not share it with anyone outside of our team without your permission, except as required by law.
-
Resolution: We will work diligently to resolve the issue as quickly as possible and will keep you informed of our progress throughout the process.
-
Public Disclosure: Once the issue has been resolved, we will make a release and announce the security fix through our normal communication channels. When it makes sense we may also obtain a CVE ID.