We take security seriously. Please report security vulnerabilities responsibly.
If you discover a security vulnerability, please follow these steps:
- Do NOT open a public issue
- Email the security concern to the repository maintainers
- Include as much information as possible:
  - Type of vulnerability
  - Full paths of affected source files
  - Location of the affected source code (tag/branch/commit or direct URL)
  - Step-by-step instructions to reproduce the issue
  - Proof-of-concept or exploit code (if possible)
  - Impact of the issue
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a detailed response within 7 days indicating next steps
- We will work on a fix and keep you informed of progress
- Once the vulnerability is fixed, we will publicly disclose the issue (crediting you if desired)
When contributing, please:
- Never commit sensitive information (API keys, passwords, tokens)
- Use environment variables for configuration secrets
- Keep dependencies up to date
- Follow secure coding practices
We follow responsible disclosure practices:
- Security issues are fixed before public disclosure
- Contributors who report security issues are credited (unless they prefer anonymity)
- We coordinate disclosure with affected parties when applicable
Thank you for helping keep our projects secure!