If you would like to report a public issue (for example, one with a released CVE number), please report it as a GitHub issue. If you have a patch ready, submit it following the same procedure as any other patch as described in CONTRIBUTING.md.

If you are dealing with a not-yet released or urgent issue, please contact us via our Product Security team or see our Report a Bug page. Please include the following details while reporting a vulnerability:

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Potential impact
• Any relevant logs or screenshots

We follow a Coordinated Vulnerability Disclosure (CVD) process:

• Initial Response: We will acknowledge your report within 48 hours.

• Investigation: Our team will investigate the issue and provide updates.

• Resolution: We will work with you to resolve the issue and prepare a fix.

• Disclosure: Once the fix is ready, we will disclose the vulnerability and notify affected users.