This security policy outlines how to report and handle security vulnerabilities in our project.

If you discover a potential security vulnerability, please email us at [email protected] with the details. To protect our users, we request that you do not publicly disclose the vulnerability until it has been addressed.

When reporting a vulnerability, please include as much of the following information as possible:

• A detailed description of the vulnerability
• Steps to reproduce the issue
• Any relevant logs or screenshots
• Your contact information (optional)

We will acknowledge your report within 7 days and provide a preliminary response.

Upon receiving a vulnerability report, we will:

1. Acknowledge receipt of the report within 7 days.
2. Assess the severity and impact of the vulnerability.
3. Develop and test a fix.
4. Release a security update once the vulnerability is fixed.
5. If necessary, issue a security advisory to inform users.

We aim to address all critical vulnerabilities within 30 days. If a fix takes longer, we will provide updates on the progress to the reporter.

We will publish all security advisories on the project's releases page. Please check this page regularly to ensure your version is up-to-date and secure.

We ask that all reporters practice responsible disclosure by not publicly disclosing vulnerability details until a fix has been made. We believe responsible disclosure helps ensure the safety of our users while giving the development team adequate time to address the issue.