Project mainainers and community contributors take security issues seriously. We appreciate efforts to disclose potential issues responsibly, and we aim to acknowledge viable contributions. To aid investigation of any reported vulnerability(s), please follow the guidelines below when submitting your finding.
To report a suspected security issue, use private vulnerability reporting.
- Click the
Securitytab - Click the
Report a vulnerabilitybutton
Then provide the following information with suspected security issues:
- Your name and affiliation
- Version/build-date of project
- Issue description
- Steps to reproduce the issue
- Current public knowledge of this vulnerability (e.g. related CVE, security advisory, etc.), if known
In project release notes, we'll acknowledge contributors who provide security-related insights in their commits.