To report a security vulnerability, please use ether
- an email to security@codingjoe.dev (preferably encrypted),
-----BEGIN PGP PUBLIC KEY BLOCK----- xjMEaXUi2xYJKwYBBAHaRw8BAQdALsSpTW3Ca2y8DBQQZnDfkM9MqHsSW44c tcNjtGrpn/TNLWpvaGFubmVzQG1hcm9uLmZhbWlseSA8am9oYW5uZXNAbWFy b24uZmFtaWx5PsLAEQQTFgoAgwWCaXUi2wMLCQcJEGi4fWFj6qTNRRQAAAAA ABwAIHNhbHRAbm90YXRpb25zLm9wZW5wZ3Bqcy5vcmfnFZ7S1vJS2auBXGJw aff75bbZy374HYQ4HrkAzYfQXgMVCggEFgACAQIZAQKbAwIeARYhBC+cU6JZ 45GiQmkihGi4fWFj6qTNAADl2AD8DUHprINBF6J+JYE56nfifRoM7vwYAXkg dNppJpYoWVsA/RkklQ/hoYgFa+0zui/KuOdFgnE+NF9uqhpKXLapVHQOzjgE aXUi2xIKKwYBBAGXVQEFAQEHQD8hgxKDTY6Sac1e5nERNddJaeAqDBaEElgO Mh+bfutWAwEIB8K+BBgWCgBwBYJpdSLbCRBouH1hY+qkzUUUAAAAAAAcACBz YWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3JnIEreyydzaw0CJssrd7C7gLJS aYDOR2vyd9mvY6FYCtwCmwwWIQQvnFOiWeORokJpIoRouH1hY+qkzQAAE0UB AJmZoBneKX0vEr8TMNtx3VVTmwr+0xA2odcGXDatndZEAP9dfGZCxY0rgvVF gtjn/I1sflR0qlrRPZH/a+hJGGiiAw== =7iiC -----END PGP PUBLIC KEY BLOCK----- - contact me via Signal,
- or use the Tidelift security contact.
Since open-source software is maintained by a community of volunteers, please allow up to 90 days for a response before making any public disclosure. After 90 days, if no response has been received, you may disclose the vulnerability publicly.
The maintainers and contributors will not pursue legal action against researchers who act in good faith and comply with this Policy. Unauthorized access to personal data, intellectual property theft, or malicious exploitation is strictly prohibited.
At this time, we do not offer a bug bounty program. However, we appreciate and recognize the efforts of security researchers who responsibly disclose vulnerabilities to us.
If you would like to be acknowledged for your contribution, please let us know when you report the vulnerability. We will include your name in our list of security researchers who have helped improve the security of our project, unless you prefer to remain anonymous.
We are committed to promptly addressing security vulnerabilities. Once a vulnerability is reported and verified, we will work to release a fix as quickly as possible. Security updates will be communicated through our usual channels, including release notes and announcements on our project page.
We actively maintain and provide security updates for the latest major version of our software. Users are encouraged to upgrade to the latest version to benefit from the most recent security fixes and improvements.