Please do not report security vulnerabilities through public GitHub issues.

Instead, please report it at <{{SECURITY_POLICY_EMAIL}}>.

Please encrypt your message to us using our PGP key. The key fingerprint is:

{{SECURITY_POLICY_PGP_FINRGERPRINT}}

The key is available from {{SECURITY_POLICY_PGP_KEYSERVER}}.

Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:

• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue

Please get in touch and give the project contributors a chance to resolve the vulnerability and issue a new release prior to any public exposure; this helps protect the project's users and provides them with a chance to upgrade and/or update in order to protect their applications.

We prefer all communications to be in English.

{{PACKAGE_NAME}} follows the principle of Coordinated Vulnerability Disclosure.