If you have discovered a potential security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.

Please disclose it at our security advisory.

This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base.

We will work with you to verify the vulnerability and fix it.

If we verify a reported security vulnerability, our policy is:

• We will try to fix this on the current development branch.
• After the fix, we will immediately made a new snapshot release available.
• Depending on the vulnerability, we will publish a new release.

A security advisory will be released on the project website detailing the vulnerability, as well as recommendations for end-users to protect themselves.