If you’ve found or suspect a security vulnerability in this application, please let us know so we can address and fix it.
Please report any vulnerabilities you discover in the application via the online vulnerability reporting form, including:
- a brief description of the vulnerability
- any information in how the vulnerability can be exploited
- the location of the source code responsible for the vulnerability, if known
If the vulnerability exists in a dependency of the application (e.g. an external library), please report the vulnerability directly to the developer of the dependency. If you do not receive a response from the dependency developer in a timely manner, please open an issue to make us aware.
If we confirm the issue we will endeavour to fix the vulnerability as soon as we can, but please bear in mind it may take some time depending on the complexity of the vulnerability and the code related to it.
If you are developer who is able to fix a vulnerability yourself, you are welcome to submit a pull request containing a fix for the vulnerability.
We have a contributors code of conduct, which you can find here: CODE_OF_CONDUCT.md