If there are any vulnerabilities discovered within simple_tpl, please do not hesitate to report them.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. If you have a fix for the issue, that is most welcome -- please attach or summarize it in your message!

I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.

Please do not disclose the vulnerability publicly until a fix is released!

Once either a) a fix has been published, or b) I have declined to address the vulnerability for whatever reason, you are free to publicly disclose it.

If you're a Tidelift subscriber, please use this route instead:

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.