Version | Supported |
---|---|
2.1.x | ✅ |
2.0.x | ❌ |
1.x.x | ❌ |
We take the security of our software seriously. If you believe you have found a security vulnerability, please report it to us as described below.
DO NOT CREATE A GITHUB ISSUE reporting the vulnerability.
Instead, send an email to [email protected].
In the report, please include the following:
- Your name and affiliation (if any).
- A description of the technical details of the vulnerabilities. It is very important to let us know how we can reproduce your findings.
- An explanation who can exploit this vulnerability, and what they gain when doing so -- write an attack scenario. This will help us evaluate your submission quickly, especially if it is a complex or creative vulnerability.
- Whether this vulnerability is public or known to third parties. If it is, please provide details.
If you don’t get an acknowledgment from us or have heard nothing from us in a week, please contact us again.
We will send a response indicating the next steps in handling your report. We will keep you informed about the progress towards a fix and full announcement.
We will not disclose your identity to the public without your permission. We strive to credit researchers in our advisories when we release a fix, but only after getting your permission.
We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.