Songe is supported on a best endeavors basis. Patches will be applied to the latest version rather than retroactively to other versions. Please make sure you always have the latest release.

Whilst I aim to write clean and secure code free from bugs and security issues, I am not perfect, this project is written in my spare time and it relies on external libraries.

In many scenarios, the most appropriate way to report a vulnerability is to raise an issue describing the problem in as much details as possible.

This will obviously be public. If you feel that the vulnerability is significant enough to warrant a private disclosure, please create an advisory, or report it by email (base64-encoded dnVsbi5odW50ZXJAZG9udHNwLmFt, decode it here).

If you choose to send an e-mail, you can decide to encrypt with my key 466F B094 B95C 3589.

Thank you very much for your contribution! Your account will be credited in the acknowledgments section of this repository.