If you've discovered a vulnerability, please refrain from filing a public issue.

We kindly ask that you follow responsible disclosure guidelines, keeping in mind the risks faced by whistleblowers.

To report a vulnerability, please contact us privately via one of the following methods:

• Reporting form: Submit a security advisory
• Email: [email protected]

For any sensitive information, please encrypt your message using our PGP key: F6EFBDFAD0A3CF4A55085C3E7BBB231D031957FA

We aim to acknowledge reports within 8 hours and address any critical issues with short-term fixes within 2 days, whenever possible.