We take security seriously. If you’ve discovered a vulnerability, please follow the steps below to ensure it is handled responsibly and quickly.
If you’ve found a critical security bug, do not open a public issue!
Instead, please report it privately:
- Contact directly via Discord: @iceeburr
- Open a private vulnerability report on GitHub
We will review and respond as soon as possible. Urgent issues will be prioritized immediately.
Security issues include (but are not limited to):
- Code that could allow unauthorized access or control (RCE)
- Leaked secrets or sensitive data
- Vulnerabilities in project dependencies
- Logic flaws that compromise expected security behavior
Note: If you’ve discovered a bug that is not a security concern, please submit it as a standard bug report instead.
If the issue lies in a third-party library:
- Please report the issue to the library’s maintainers first.
- Afterward, notify us so we can take appropriate steps on our end.
Publicly disclosing a vulnerability before it's fixed may put users at risk. Please report privately and allow us time to investigate and patch.
Thank you for helping us keep this project secure!