Please do not report security vulnerabilities in public GitHub issues.
Report vulnerabilities privately by email:
Include as much detail as possible:
- Affected version(s)
- Reproduction steps or proof of concept
- Potential impact
- Suggested mitigation (if known)
You should receive an acknowledgment within 5 business days.
Security fixes are generally applied to the latest published release.
- We will acknowledge receipt
- We will investigate and validate the report
- We will coordinate on remediation and disclosure timing
- We will publish a fix and release notes when available