This document outlines how to privately report a security vulnerability in this repository to give us time to fix the issue before disclosure (see coordinated disclosure of security vulnerabilities). We will investigate any report as soon as possible and take appropriate measures.
Private vulnerability reporting is enabled for this repository. Follow these steps to report a vulnerability:
- Go to the "Issues" tab.
- Click on the "New issue" button.
- Click on the "Report a vulnerability" button. Do NOT use another issue type since this will be public immediately.
- Fill in the form.