If there are any vulnerabilities in citric, don't hesitate to report them.

1. Contact me at edgarrm358@gmail.com.

2. Describe the vulnerability.

   If you have a fix, that is most welcome -- please attach or summarize it in your message!

3. I will evaluate the vulnerability and, if necessary, release a fix or mitigating steps to address it. I will contact you to let you know the outcome, and will credit you in the report.

   Please do not disclose the vulnerability publicly until a fix is released!

4. Once I have either a) published a fix, or b) declined to address the vulnerability for whatever reason, you are free to publicly disclose it.