Reporting a Security Issue

How to report vulnerabilities

Reporting Vulnerabilities

If you identify a security vulnerability, please open a GitHub Issue. Include the following information:
  • A concise description of the vulnerability and its impact
  • Step-by-step instructions to reproduce or observe the issue
  • Relevant stack traces, screenshots, or other information
The development team will respond as soon as possible. Depending on the impact and work required to resolve the issue, expect a patch within 7-14 days.
Fixed vulnerabilities will be closed and documented in release notes.
If a vulnerability is not fixed for any reason, the issue will be closed, and why the vulnerability will not or can not be fixed will be documented.
If you need to disclose a vulnerability that may be sensitive, you may disclose the issue privately via email. Send such reports to [email protected].