We take the security of our software and services seriously. This document contains a set of guidelines and discusses how to safely deal with a security vulnerability.
Please DO NOT report security vulnerabilities through public GitHub issues.
If you believe you have found a security vulnerability in this project, please report it to us as described below. We will investigate all legitimate reports and do our best to quickly fix the problem.
To report a security issue, email [email protected]
and include the word SECURITY
in the subject line.
In addition, please include the following information along with your report (as much as you can provide) to help us better understand the possible issue:
- Affected version(s)
- Type of issue (e.g. XSS, CSRF, SQL injection, etc.)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- An explanation of who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your report quickly, especially if the issue is complex.
We'll endeavor to respond quickly, will keep you updated on the progress towards a fix and full announcement, and may ask for additional information.
Thank you for improving the security of this project. Your efforts are greatly appreciated and will be acknowledged.