To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab. Do not open up a GitHub issue.

We follow a responsible disclosure process:

1. We will investigate the reported vulnerability and work on a fix.
2. A fix will be developed, tested, and incorporated into the project.
3. Once the fix is ready, we will release a new version of the project with a detailed release note.
4. We will notify the reporter about the fix and acknowledge their contribution in the release notes, if they wish to be credited.