I take security bugs seriously and I appreciate any who makes the effort to responsibly disclose findings.

For your efforts, you get to eat a cookie from Santa's plate before you go to bed on Dec 24 that yaer (But, just that year.)

Seriously, know that I will be forever grateful and I will always publically acknowledge your contribution.

Please for the love of everything good and right in the 🌌 universe 🌌 don't go broadcasting vunerablilites. While, yes, the public has a right to know, I (or any creator) deserve the opportunity to fix the flaw -- in a timely manner -- first.

To report a security issue, please use "Report a Vulnerability" under the [Security] tab.

I will send a response indicating the next steps in handling your report within 12 hours. After the initial reply to your report, the I will keep you informed of the progress towards a fix and full announcement (including acknowledging your contribution), and may ask for additional input.

If the vulnerability involves a third-party module please report it to the team maintaining the module. However, you can also report the vulnerability through this repositories "Report a Vulnerability" page. I will forward it on to the appropriate group, but I cannot guarantee any further contact regarding its disposition.

Use this section to tell people about which versions are currently supported with security updates.