Reporting a Security Issue
How to report vulnerabilities

Reporting Vulnerabilities

If you identify a security vulnerability, please open a GitHub Issue. Include the following information:
  • A concise description of the vulnerability and its impact
  • Step-by-step instructions to reproduce or observe the issue
  • Relevant stack traces, screenshots, or other information
The development team will respond as soon as possible. Depending on the impact and work required to resolve the issue, expect a patch within 7-14 days.
Fixed vulnerabilities will be closed and documented in release notes.
If a vulnerability will not be fixed for any reason, the issue will be closed and the reason why the vulnerability will not or can not be fixed will be documented.
If you need to disclose a vulnerability that may be sensitive in nature, you may disclose the issue privately via email. Send such reports to [email protected].
Last modified 3mo ago
Copy link