Use this software at your own risk! Any stable release of this software should be "supported",
i.e., a non-release candidate with a major version greater than or equal to v1
.
(We would still like to hear about vulnerabilities in unsupported software, however.)
If you discover a security vulnerability, please report it to:
While we do not currently participate in any bug bounty programs, we promise to acknowledge the email within 21 days and respond within 30 days of the disclosure of the potential vulnerability with it's legitimicy.
We ask that you refrain from public disclosure until either of the following conditions are met:
-
We respond, indicating that the vulnerability has been resolved in the latest release
-
45 days have passed since the initial report, OR, 14 days have passed since our last email communication about the vulnerability, whichever is less.
Changes made to this security policy will take effect no sooner than 50 days after publication on the master branch of this repository.