This crate is in a pre-release state, at this point minor version changes are used for backward compatibility changes. Security fixes will be published as a patch version on the most recent minor version.
Please report security bugs by email to trust@reedwolf.com to disclose it privately.
Don't forget to mention which project you found the bug in, as we deal with multiple repositories.
We will pick it up and Create a Github Security Advisory and invite you to the private discussion.
Once a reasonable fix is agreed on we will:
- Release the fix
- May yank affected versions
- Publish the
Github Security Advisory - Submit an advisory to rustsec/advisory-db.
Any improvments to security related tests are welcome, use the same process as above, as these might uncover further problems.
Thank you.