Vulnerability Disclosure Policy

Please observe the standard best practices of responsible disclosure, especially considering that this is OSS. See OWASP’s disclosure cheat sheet.

Some basic rules:

  • Keep it legal.
  • Respect everyone’s privacy.
  • Contact the core maintainer(s) immediately if you discover a serious security vulnerability (imichael@pm.me for now).