• 🛡️ Security Policy
• 🔍 Reporting a Vulnerability
• ⏱️ What to Expect
• 📝 Security Updates
• 🏆 Attribution

I, William Hallin, take the security of our project very seriously. If you feel you've discovered a security issue, please take these steps:

1. Do not make the vulnerability public until it has been resolved.
2. Send your findings to [email protected].
3. Please provide thorough details regarding the vulnerability.
   • Description of the issue:
   • Steps for reproducing:
   • Affected version:
   • Potential impact:
   • Any proposed fixes, if available:

• I will acknowledge the receipt of your report within 48 (business) hours.
• I will send a more thorough response within 72 (business) hours and indicate future steps.
• I will keep you informed about the progress of fixing and deploying a patch.
• I will publicly acknowledge your responsible disclosure once the issue is remedied (unless you choose to stay anonymous).

Security patches will be distributed as soon as a vulnerability is discovered and confirmed. The updates will be:

1. Released as a patch version.
2. Documented in the changelog.
3. Announced via my security advisory channels.

I'm committed to collaborating with security researchers and the community to ensure the security of the project. I'll credit security researchers who responsibly reveal vulnerabilities (unless they prefer to remain anonymous).

If you have any questions or issues about our security policy, please email [email protected].