If you discover a security vulnerability in this project, please follow these steps to report it responsibly:
- Report privately: Send an email to our security team at cool.brian1206cool@gmail.com. Do not open a public issue or discussion for the vulnerability.
- Include details:
  - A clear description of the vulnerability and its impact.
  - Steps to reproduce the issue, including code snippets or configuration examples.
  - Information about the environment where the issue occurs (version, OS, dependencies).
- Acknowledgment: We will acknowledge your report within 72 hours.
- Updates & timeline:
  - Within 5 business days, we will provide an initial assessment.
  - We will work with you to develop and test a patch.
  - Once a fix is available, we will release a security advisory and update the affected versions.
- Credit: If you consent, we will acknowledge your contribution in the release notes. If you prefer to remain anonymous, please let us know in your report.

Channel | Response Time |
---|---|
cool.brian1206cool@gmail.com | < 72 hours |
GitHub security issue tracker | Not monitored |

Note: Please do not use the public issue tracker for vulnerability reports. All security issues must be reported via email.
- We will follow responsible disclosure practices.
- Please give us at least 90 days to address the issue before disclosing it publicly.
- If you believe the issue is critical and requires immediate action, indicate this in your report.
This policy is intended to help coordinate the disclosure and management of security vulnerabilities. It may be updated at our discretion.