We take the security of this project seriously. If you discover a security vulnerability, please report it responsibly.
Please do NOT report security vulnerabilities through public GitHub issues.
Instead, please report them in one of these ways:
- Create a draft security advisory in the Security tab
- Contact the maintainers directly
Please include the following information in your report:
- Type of issue (e.g., buffer overflow, SQL injection, cross-site scripting)
- Full paths of source file(s) related to the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
We will acknowledge your report within 48 hours and will send a more detailed response within 5 days indicating the next steps in handling your report.
We prefer all communications to be in English.
If you're contributing to this project, please follow these security best practices:
- Never commit sensitive information (API keys, passwords, etc.)
- Keep dependencies up to date
- Validate all user inputs
- Use parameterized queries for database operations
- Implement proper authentication and authorization
- Log security-relevant events
Thank you for helping keep this project secure!