Please do not report security vulnerabilities through public GitHub issues.
A responsible disclosure policy helps protect users of the project from public disclosure of security vulnerabilities without a fix available. We achieve that by following the process where vulnerabilities are first triaged in a private manner, and are only publicly disclosed after a reasonable time period of the patch being available for users.
We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project’s team members at risk.
We consider the security of the project a top priority.
If you discover a security vulnerability, please use one of the following means of communications to report it to us:
- Report the security issue to the Snyk Security Team. They will help triage the security issue and work with all involved parties to remediate and release a fix.
We sincerely appreciate your efforts to responsibly disclose your findings with us.