If you believe you have discovered a security vulnerability in this project, please open an issue in this repository. We encourage you to provide as much detail as possible so that we can assess and address the problem quickly.
Steps to report a security vulnerability:
- Create a new issue in the repository using the "Security" label (we recommend creating a new issue instead of using existing ones).
- Do not share sensitive information publicly in the issue. If needed, you can describe the issue with enough detail without sharing the exact exploit or sensitive data.
- In the issue description, include:
- A brief description of the vulnerability.
- Steps to reproduce the issue.
- Any possible solutions or mitigation steps you suggest.
- If possible, share the version of the software you are using.
Please ensure that the issue is marked as a "Security" issue so we can prioritize and address it promptly.
We take security vulnerabilities seriously and follow a responsible disclosure process:
- We will investigate the vulnerability and provide feedback as soon as possible.
- We will notify the reporter and discuss potential fixes privately.
- After addressing the issue, we will release an update, patch, or workaround and notify users accordingly.
We commit to providing security updates and patches for Latest Version of this project. This ensures that security vulnerabilities are addressed for current or future version.
- For any major, minor, or patch versions of the project, security updates will be made available to fix reported vulnerabilities.
To receive the latest security fixes, we strongly encourage users to upgrade to the latest stable version of the software.
We encourage all users and contributors to:
- Regularly update dependencies and software.
- Use secure protocols for communication (e.g., HTTPS).
- Implement strong authentication and authorization methods.
- Follow security guidelines and the OWASP Top Ten to minimize risks.