We are committed to ensuring the security of our users and prioritize the confidentiality, integrity, and availability of our systems and services. This document provides guidelines on how to report security vulnerabilities and outlines our response process.
If you discover a security vulnerability in our service, please follow the steps below to report it responsibly:
- Do Not Disclose Publicly: Avoid creating public issues or pull requests which could expose the vulnerability to malicious actors.
- Contact Us Directly: Email your findings to [email protected]. Please include as much of the following information as possible:
  - Detailed description of the vulnerability.
  - Steps to reproduce the vulnerability.
  - Potential impact of the vulnerability.
  - Any other relevant information (e.g., operating system, library versions).
- Acknowledgment: We aim to acknowledge receipt of your report within 24 hours.
- Communication: We will maintain open and transparent communication with you to discuss the findings.
- Timeline: While the response time can vary based on the complexity of the report and existing priorities, we strive to assess and respond to all reports within one week.
Upon receiving a security report, we follow a standard procedure to evaluate and mitigate the issue:
- Verification: Confirm the report and assess the potential impact.
- Prioritization: Address the vulnerability based on its severity and impact.
- Mitigation: Implement the necessary patches or remedial measures.
- Release: Deploy the fixes and notify all stakeholders.
- Disclosure: After mitigating the risk, we will work with the reporter to publicly disclose the vulnerability in a responsible manner.
For further inquiries or suggestions regarding our security policy, please contact us at [email protected].
Thank you for helping us keep our service safe and secure.