The CORE team and community take security bugs in CORE seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

Please do not open GitHub issues or pull requests to address security vulnerabilities - this will make the problem immediately visible to everyone, including malicious actors.

To report a security vulnerability, email opensource@telicent.io

To help us triage and action your report quickly, please include the following in your report:

• Product Name
• Description of the vulnerability
• Impact of vulnerability
• Steps to reproduce

The CORE team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Please report security bugs in third-party modules to the person or team maintaining the module.