Thank you for helping keep this project and its users safe. If you believe you've found a security vulnerability, please follow this policy.
- Do not create a public issue for security vulnerabilities. Instead, contact the maintainers privately.
- Email: security@your-org.example (update with your organization's security contact) or open a private GitHub Security Advisory if available.
- Provide clear reproduction steps, affected versions, impact summary, and suggested mitigations.
- We will acknowledge receipt within 3 business days and provide an estimated timeline for a fix.
- Critical vulnerabilities will be prioritized and fixed as soon as possible. We may coordinate disclosure timelines with affected parties.
- Please do not post proof-of-concept code publicly until the issue is resolved or coordinated disclosure is agreed.
- If you need to share proof-of-concept code, use private channels or GitHub Security Advisories.
- @stevencarlson