Security reports are welcome. Security vulnerabilities can be reported privately, via either:
at your option.
Security issues should not be reported via the public GitHub Issue tracker or discussions.
If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.
If you would like to encrypt your vulnerability reports, you may use the author's public GPG key (Keyoxide profile).
Security issues will be announced via the project's release notes and GitHub's security advisory system.