To report a vulnerability, please create a new issue on our GitHub repository here. Please include "Security Vulnerability Report" in the issue title to ensure prompt attention to your report.

Upon receiving your vulnerability report, our security team will acknowledge receipt of your report within 48 hours by commenting on the issue. We aim to provide regular updates on the progress towards resolving the vulnerability by updating the issue at least once a week until the issue is resolved.

Our security team will review the information provided in your report and assess the severity and impact of the vulnerability. If the vulnerability is accepted, we will take immediate action to address and resolve it. If the vulnerability is declined, we will provide a detailed explanation for our decision by commenting on the issue.

We encourage responsible disclosure and request that you allow us a reasonable amount of time to address the reported vulnerability before disclosing it to others or making it public.

At this time, we do not have a bug bounty program in place.