The security of our projects and users is a top priority.
This document outlines how to report security vulnerabilities responsibly.
If you discover a security issue, do not open a public issue.
Instead:
- Report it privately to the organization owner or maintainers
- Provide clear steps to reproduce the issue
- Include any relevant logs, screenshots, or proof-of-concept code
We ask that you:
- Allow reasonable time for the issue to be addressed before public disclosure
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
- Act in good faith to protect users and systems
Upon receiving a valid report, we will:
- Acknowledge receipt of the report
- Investigate and assess the impact
- Work on a fix or mitigation
- Release an update if necessary
- Credit the reporter when appropriate (if desired)
This policy applies to:
- All repositories under this organization
- Production, staging, and development environments
Thank you for helping keep our projects secure.