Please do not report security vulnerabilities through public GitHub issues.

Instead, please report security vulnerabilities through the "Report a vulnerability" button, seen when clicking on the "Security" tab on GitHub. The form is configured in such a way that only the reporter and the team leader can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it, before a vulnerability becomes well known.

If you have submitted a properly filled out report, the project maintainers will look into your report shortly.
You should receive a response within few hours or days. If not inform us through our communication options, with the info that you have filled out without including any vulnerability information. Keep in mind, that we may choose to reject issues, if they are not feasible for us to address, due limitations or implementations of the codebase.

We will credit reporters who informed us in private by filling out the form above in security releases published.

We prefer all communications to be in English or in exceptional cases in German.