If you discover a security vulnerability, please report it privately through GitHub Security Advisories with as much detail as possible: description, steps to reproduce, and any relevant code or screenshots.
Please do not open a public GitHub issue for suspected vulnerabilities.
- We will acknowledge your report within 24 hours
- We will triage and assess severity within 5 business days
- We will keep you updated on progress until the issue is resolved
Once a fix is released, we will publicly disclose the vulnerability and our response.
If we determine a report does not pose a security risk, we will explain our reasoning.