We take all security issues seriously. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

To report a vulnerability, please open a security advisory on GitHub with the full details, including steps to reproduce the issue.

We will check the vulnerability as soon as possible and get back to you within 48 hours. If the vulnerability is accepted, we will publish a security advisory and release a patch as soon as possible. Please do not disclose the vulnerability until we have published a security advisory. We will give you credit for your responsible disclosure in the advisory.