We take security seriously and appreciate researchers who responsibly disclose vulnerabilities.
- Private Disclosure: Do not disclose vulnerabilities publicly until we've had time to investigate and release a fix.
- Response Time: We aim to respond within 48 hours and provide regular updates.
- Safe Harbor: We consider vulnerability research conducted in accordance with this policy to be authorized activity.
Please submit vulnerability reports to our security team via:
Preferred Method:
- Email: [email protected]
- X (Twitter): kartik_mehta8
- Subject: "Security Vulnerability Report: [Brief Description]"
Required Information:
- Description of the vulnerability and affected components.
- Step-by-step reproduction instructions.
- Impact assessment (including potential attack scenarios).
- Any suggested mitigation or fixes.
Optional but Helpful:
- Proof of concept code or exploit scripts.
- Related vulnerability references (CVE, CVSS, etc.).
- Your contact information for follow-up questions.
- We will acknowledge receipt of your report within 48 hours.
- We will provide regular updates on our progress toward resolution.
- We will notify you when the vulnerability is fixed and give credit if desired.
- We will strive to address critical vulnerabilities within 14 days.
All security updates will be released through:
- GitHub Releases with clear version tagging.
- Security advisories in the repository (when applicable).
To ensure your safety when using this project:
- Always use the latest stable version.
- Review the changelog for security-related updates.
- Follow the principle of least privilege when configuring permissions.
We gratefully acknowledge security researchers who contribute to our project's safety through responsible disclosure.