Do not report security vulnerabilities through public GitHub issues. Any public issue that describes a security vulnerability will be deleted to protect users while a fix is prepared.
To report a vulnerability, please email us at:
Include as much detail as possible:
- Description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Affected versions or components
- Any suggested mitigations (optional)
| Milestone | Target |
|---|---|
| Acknowledgment of your report | 3 business days |
| Resolution for critical vulnerabilities | 30 days |
| Resolution for all other vulnerabilities | 90 days |
We ask that you:
- Give us reasonable time to investigate and address the issue before any public disclosure
- Avoid accessing, modifying, or deleting data that does not belong to you
- Act in good faith and avoid actions that could harm users or degrade service availability