We take the security of our project seriously. If you believe you have found a security vulnerability, we encourage you to report it to us as described below.
Please do not report security vulnerabilities through public GitHub issues.
Instead, please report them via email to: security@example.com
Please include as much detail as possible to help us reproduce and assess the issue (e.g., affected versions, configuration, proof‑of‑concept, and potential impact). Do not open a public GitHub issue or share details publicly until we have had a chance to investigate and release a fix.
For urgent security issues, please include "URGENT SECURITY" in the email subject line.
When reporting a security vulnerability, please include:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Affected versions or components
- Potential impact assessment
- Any proof-of-concept code (if applicable)
- Your contact information for follow-up questions
- Initial Response: We will acknowledge receipt of your report within 3 business days
- Regular Updates: We will provide updates on our investigation progress
- Resolution Timeline: We aim to resolve critical security issues as quickly as possible
Our security response process includes:
- Acknowledgment: We confirm receipt of your report and begin our investigation
- Assessment: We evaluate the severity and impact of the reported vulnerability
- Development: If confirmed, we develop and test a fix
- Coordination: We coordinate with you on responsible disclosure timing
- Release: We release the fix and publish security advisories as appropriate
- Follow-up: We follow up to ensure the issue is fully resolved
If we determine that a reported issue is not a security vulnerability, we will let you know and may suggest filing a regular GitHub issue instead.