A responsible disclosure policy helps protect users of the project from publicly disclosed security vulnerabilities without a fix by employing a process where vulnerabilities are first triaged in a private manner, and only publicly disclosed after a reasonable time period that allows patching the vulnerability.

When contacting us directly via email, we will do our best efforts to respond in a reasonable time to resolve the issue. We kindly ask you to refrain from malicious acts that put our users, the project, or any of the project’s team members at risk.

Please do not use the provided email address to report issues which are not related to security vulnerabilities

Short version: please report security issues by emailing [INSERT_EMAIL_ADDRESS].

We consider the security of our systems a top priority. But no matter how much effort we put into system security, there can still be vulnerabilities present.

If you discover security issues, we request you to disclose these in a responsible way by e-mailing to [INSERT_EMAIL_ADDRESS].

It is extremely useful if you have a reproducible test case and/or clear steps on how to reproduce the vulnerability.

Please do not report security issues on the public Github issue tracker, as this makes it visible which exploits exist before a fix is available.

Once you’ve submitted an issue via email, you should receive an acknowledgment from a member of the security team as soon as possible, and depending on the action to be taken, you may receive further followup emails.

Your efforts to responsibly disclose your findings are sincerely appreciated and will be taken into account to acknowledge your contributions.