If you've found a security issue in this repository, please report it privately rather than opening a public issue.
Email: security@forsmantech.com
In your report, include:
- A description of the issue and its potential impact.
- Steps to reproduce, ideally with a minimal example.
- Affected version / commit.
- Any suggested mitigation if you have one.
I aim to respond within 72 hours with an acknowledgement, and to close validated issues within a reasonable timeline depending on severity:
| Severity | Target close |
|---|---|
| Critical | 7 days |
| High | 14 days |
| Medium | 30 days |
| Low | 60 days |
Please give me a reasonable window to fix the issue before public disclosure. I'm happy to credit reporters in the release notes if desired.
- Issues in third-party dependencies — please report to the upstream project. Notify me too if I should pin to a fixed version.
- Findings from automated scanners without a corresponding proof-of-concept.
- Theoretical issues without a practical impact.
Reporters who help improve the security of this project will be acknowledged here (with permission).