Security Policy#

Thank you for taking time reading the following information carefully. Your contribution is highly welcomed!

Reporting a vulnerability#

I highly encourage you to follow the principles of a responsible disclosure:

• Do not publish your research before contacting me first.
• Write me an e-mail. Sign and encrypt your e-mail with OpenPGP/GnuPG. I'll do my best to respond within 3-5 days.
• Do not open a public issue until my confirmation.
• If the vulnerability is accepted please give me at least 4 weeks to release proper security updates.
• After the security updates are released feel free to publish your research. A CVE is highly appreciated.

Thank you.