I take security seriously and appreciate your efforts to responsibly disclose any vulnerabilities you find.
If you discover a security vulnerability in any of my projects, please report it by:
- Do NOT open a public issue - this could put users at risk
- Using GitHub's private vulnerability reporting feature
- Include the following information:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it
- I will acknowledge receipt of your vulnerability report within 3 business days
- I will provide a more detailed response within 7 days indicating the next steps
- I will work to resolve critical issues as quickly as possible
- Please give me reasonable time to address the vulnerability before any public disclosure
- I will credit you in the security advisory (unless you prefer to remain anonymous)
Thank you for helping keep my projects and their users safe!