31 lines
991 B
Markdown
31 lines
991 B
Markdown
# Security
|
|
|
|
## Reporting Security Issues
|
|
|
|
> [!WARNING]
|
|
> Do not report security vulnerabilities through public GitHub issues!
|
|
|
|
Instead, please open a private vulnerability report in this repository, on the "Security and quality" tab.
|
|
|
|
See https://docs.github.com/en/code-security/how-tos/report-and-fix-vulnerabilities/privately-reporting-a-security-vulnerability
|
|
|
|
## Report Details
|
|
|
|
We prefer all communications to be in English.
|
|
|
|
Reports should include the following:
|
|
|
|
* reproducible example showing how the vulnerability can be exploited
|
|
* statement about the impact (including affected versions)
|
|
|
|
And we'd appreciate if they also include:
|
|
|
|
* statement about whether you are interested in implementing the fix yourself
|
|
|
|
## Disclosure Policy
|
|
|
|
This project is staffed exclusively by volunteers.
|
|
Please be patient and allow us time to respond before disclosing vulnerabilities.
|
|
|
|
We prefer to coordinate disclosure privately, and are committed to giving credit for confirmed vulnerabilities.
|