If you find any security issue or vulnerability in any of my projects, don't hesitate to report them.
-
Use either GitHub's security vulnerabilty reporting feature or contact me via my private contact addresses.
-
Describe the vulnerability.
If you have a fix, that is most welcome -- please attach or summarize it in your message!
-
I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.
Please do not disclose the vulnerability publicly until a fix is released!
-
Once I have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.