If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure. We will contact you back within 2 business days after reporting the issue.
Thanks for helping make the project safe for everyone!
Please, report the vulnerability either through new security advisory form or by directly contacting our security contacts.
Security contacts:
- Wiktor Kwapisiewicz, preferably encrypted with the following OpenPGP certificate:
6539 09A2 F0E3 7C10 6F5F AF54 6C88 57E0 D8E8 F074.
Security updates are applied only to the most recent release.