We take security seriously and encourage the community to help us identify and address potential vulnerabilities in our project. If you discover a vulnerability, please follow these steps:
-
Report the vulnerability privately: Open a private issue
-
Provide details: Include a detailed description of the vulnerability, steps to reproduce it, and any potential impact.
-
CVEs: If we verify the vulnerability, we will work with GitHub to assign a CVE ID. Please note that CVEs will only be assigned for vulnerabilities in the official repository.
We are committed to keeping our users safe, and your responsible disclosure helps us improve the security of our project. Thank you for contributing to a safer open-source ecosystem!
We recommend that users update to the latest stable release to avoid vulnerabilities.
For added security:
- Regularly update your dependencies.
- Follow the latest security advisories from the official repository.
- Implement secure configurations as advised in our documentation.