We take the security of this project seriously. If you believe you have found a security vulnerability, please report it to us confidentially.
Please do not report security vulnerabilities via public GitHub issues.
Please report vulnerabilities through GitHub's Private Vulnerability Reporting feature for this repository:
- Navigate to the repository page on GitHub.
- Click on the "Security" tab.
- Click "Advisories" and then "Report a vulnerability".
If Private Vulnerability Reporting is not active or you need to contact the maintainers directly, please check the repository's main profile/organization page for contact details.
Reported vulnerabilities will be triaged and addressed in accordance with the severity gates and SLAs defined in the Security Architecture.
We will not take legal action against you or request law enforcement to investigate you if you act in good faith, report the vulnerability to us promptly, and adhere to the guidelines of this policy.