We are committed to ensuring the security of our application, and addressing security issues with a high priority.
We recommend always using the latest commit from the main branch, as we currently do not have a formal versioning scheme with designated security support.
If you discover a security vulnerability, please report via the following methods:
- GitHub Private Vulnerability Reporting: If this feature is enabled for the repository, please use it to submit your report. This is the most secure and preferred method.
- Create a Confidential Issue: If private vulnerability reporting is not available, please create an issue on our GitHub repository. Please provide a clear and descriptive title, such as "Security Vulnerability: [Brief Description]", and include as much detail as possible in the issue description. If you have the option to make the issue confidential, please do so.
Please include the following information in your report:
- A clear description of the vulnerability.
- Steps to reproduce the vulnerability.
- The version of the application you are using.
- The potential impact of the vulnerability.
- Any suggested mitigations or fixes, if you have them.
We appreciate your efforts to responsibly disclose your findings, and we will make every effort to acknowledge your contributions. We will make our best effort to respond to your report promptly, acknowledge the issue, and keep you updated on our progress toward a fix. We kindly ask that you do not disclose the vulnerability publicly until we have had a chance to address it.
Please do not report security vulnerabilities through public GitHub issues nor PR.
Thank you for helping to keep our project secure.