THE FOLLOWING TABLE LISTS THE VERSIONS OF THIS PROJECT THAT ARE CURRENTLY SUPPORTED WITH SECURITY UPDATES:

IF YOU DISCOVER A SECURITY VULNERABILITY, DO NOT OPEN A PUBLIC ISSUE OR PULL REQUEST.

INSTEAD, PLEASE REPORT IT RESPONSIBLY THROUGH THE FOLLOWING CHANNEL:

• EMAIL: XIAO
• (OPTIONAL) ENCRYPTED REPORTS CAN BE SENT USING OUR PGP KEY: 0XYOURKEYHERE

WHEN REPORTING A VULNERABILITY, PLEASE INCLUDE THE FOLLOWING DETAILS:

• AFFECTED VERSION AND COMPONENT
• DESCRIPTION OF THE VULNERABILITY
• STEPS TO REPRODUCE (MINIMAL REPRODUCIBLE EXAMPLE IF POSSIBLE)
• POTENTIAL IMPACT OR SEVERITY
• PROOF-OF-CONCEPT CODE, LOGS, OR SCREENSHOTS (IF AVAILABLE)

• ACKNOWLEDGEMENT OF YOUR REPORT WITHIN 72 HOURS
• INITIAL ASSESSMENT AND TRIAGE WITHIN 7 DAYS
• DEVELOPMENT AND VALIDATION OF A FIX
• COORDINATION OF RESPONSIBLE DISCLOSURE
• PUBLIC SECURITY ADVISORY RELEASED AFTER FIX IS AVAILABLE

WE STRONGLY ENCOURAGE RESPONSIBLE DISCLOSURE.
WE REQUEST THAT YOU DO NOT PUBLICLY DISCLOSE THE VULNERABILITY UNTIL A FIX HAS BEEN DEVELOPED AND DEPLOYED.

CREDIT WILL BE GIVEN TO REPORTERS WHO FOLLOW THIS POLICY AND WISH TO BE ACKNOWLEDGED.

FOR ALL SECURITY-RELATED MATTERS, PLEASE CONTACT:

SECURITY TEAM
EMAIL: NUSAETIKA
PGP KEY: 0XYOURKEYHERE (OPTIONAL)

THANK YOU FOR HELPING US KEEP THIS PROJECT SAFE AND SECURE.