Security policy ​
Reporting a Vulnerability ​
If you believe you have found a security vulnerability in the project, please report it to us as described below. We take all security vulnerabilities seriously. If you have found a vulnerability in a third-party library, please report it to the maintainers of that library.
Reporting Process ​
Please do not report security vulnerabilities through public GitHub issues. Instead, please report them by emailing us at Jason. Your email will be acknowledged within 24 hours, and you’ll receive a more detailed response to your email within 3 days indicating the next steps in handling your report.
Disclosure Policy ​
When we receive a security vulnerability report, we will assign it a primary handler. This person is responsible for the vulnerability report. The handler will confirm the problem and determine the affected versions. The handler will then evaluate the problem and determine the severity of the issue. The handler will develop a fix for the problem and prepare a release. The handler will notify the reporter when the fix is ready to be announced.
Security Updates ​
Security updates will be released as soon as possible after the patch has been developed and tested. We will notify users of the release via the project’s GitHub repository. We will also publish the release notes and security advisories on the project’s GitHub releases page. We will also depreciate all versions that contain the security vulnerability.
Security Partners and Acknowledgements ​
We would like to thank the following security researchers for working with us to help make the project safe for everyone: