We take the security of our projects very seriously. Therefore, we try to react to reports as fast as possible. However, please allow us some time to implement the necessary changes.
Please report (suspected) security vulnerabilities to [email protected] and do not use the regular GitHub issues. You will receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible, depending on the complexity and severity. If you do not hear from us, please follow up to confirm, we received your original message.
Please include as much information as possible with your report. If you have steps to reproduce, that will greatly speed up the fix.