Security Policy
Reporting a Vulnerability
Please do not create a public GitHub issue for security vulnerabilities.
Instead, use GitHub's private reporting flow:
- Go to this repository → Security tab
- Open Advisories
- Click New draft security advisory
- Include:
- a short description of the issue
- steps to reproduce (proof-of-concept if safe)
- affected versions/commits (if known)
- impact assessment (what an attacker can do)
We will respond as soon as possible and coordinate a responsible disclosure.