We strongly recommend always using the latest version to benefit from the latest security updates.
We take the security of our software very seriously. If you discover a security vulnerability, please follow these guidelines:
Please DO NOT create a public issue for security vulnerabilities.
Instead, report security vulnerabilities by emailing:
📧 Email: [email protected]
When reporting a security vulnerability, please include:
- Description: A clear description of the vulnerability
- Steps to Reproduce: Detailed steps to reproduce the issue
- Impact Assessment: Your assessment of the potential impact
- Affected Versions: Which versions are affected
- Proof of Concept: If applicable, include a PoC or example exploit
- Suggested Fix: If you have ideas on how to fix it (optional)
- Initial Response: We aim to respond within 48 hours
- Status Updates: We will keep you informed about the progress
- Disclosure Coordination: We will coordinate with you on the disclosure timeline
- Credit: We will credit you in the release notes (unless you prefer to remain anonymous)
We ask that you:
- Give us reasonable time to fix the vulnerability before public disclosure
- Avoid exploiting the vulnerability beyond what is necessary to demonstrate it
- Do not access, modify, or delete data belonging to others
- Do not perform actions that could harm the availability of our services
Security updates will be announced through:
- GitHub Releases
- Project Documentation
- Email notification to users who have reported issues
We appreciate the security research community and welcome responsible disclosure of security vulnerabilities.