If you would like to report a public issue (for example, one with a released CVE number), please report it as a GitHub issue. If you have a patch ready, submit it following the same procedure as any other patch as described in CONTRIBUTING.md.

We follow a Coordinated Vulnerability Disclosure (CVD) process:

• Initial Response: We will acknowledge your report within 48 hours.

• Investigation: Our team will investigate the issue and provide updates.

• Resolution: We will work with you to resolve the issue and prepare a fix.

• Disclosure: Once the fix is ready, we will disclose the vulnerability and notify affected users.