If you discover a security vulnerability, please report it privately.
Do not open a public issue for security vulnerabilities.
Include in your report:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
Warning
If you submit AI slop generated reports, you will be blocked.
- Initial response: within 48 hours
- Status update: within 7 days
- Fix timeline: depends on severity and complexity
- We'll work with you to understand and resolve the issue
- We'll credit you in the fix announcement (unless you prefer to remain anonymous)
- Please allow us reasonable time to address the vulnerability before public disclosure