🛡️ Found a security issue? Read on.
If you discover a vulnerability, please:
- E-mail your findings to
a AT strappazzon DOT xyz - Do not take advantage of the vulnerability or problem you have discovered
- Do not reveal the problem to others until it has been resolved
- Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Complex vulnerabilities may require further explanation!
When reporting an issue, where possible, please provide the requested information listed below (as much as you can provide):
- The project and commit version the issue was identified at
- Full path(s) of source file(s) related to the manifestation of the issue
- A proof of concept or exploit code (if possible)
- Steps to reproduce
- Impact of the issue, including how an attacker might exploit the issue
- Your recommended remediation(s), if any
For sensitive email communications, please use this PGP key.
When a reported security vulnerability is verified:
- We will patch the current release branch
- We will give your name as the discoverer of the problem (unless you desire otherwise)
- After patching the release branches, we will immediately issue a new security fix release
This policy is adapted from: