Please do not open a public issue for a suspected vulnerability.
Preferred reporting path:
- Use GitHub private vulnerability reporting for this repository, if available.
- If private reporting is unavailable, contact via Telegram: @SergePauli.
- If neither option works, open a minimal public issue without exploit details and ask for a private contact channel.
Include:
- affected version or commit
- impact summary
- reproduction steps
- proof of concept, if safe to share privately
- suggested mitigation, if known
- Initial triage target: within 7 days
- Valid reports will be investigated and prioritized based on impact
- Fixes may be shipped privately first and disclosed publicly after a patch is available
Security fixes are expected for the latest mainline code. Older commits or forks may not receive backports.