Learn how to report security vulnerabilities in my software
If you think you may have discovered a security vulnerability in one of my projects, please contact me at info+security@firstname.lastname@example.org in as much detail as possible. If you’re not sure if what you’ve found is a vulnerability, please get in touch regardless.
If you encrypt your email to my OpenPGP key, please make sure to use the correct subkey. GnuPG selects the correct key automatically.
After verifying your findings, I will implement a fix and coordinate with distributors to make sure users receive the updated version as quickly as possible. This should normally take less than 14 days, but may take longer for complex vulnerabilities or protocol flaws. Please keep the vulnerability confidential until it is fully resolved.
Unless you prefer otherwise, you will be credited publicly with the discovery of the vulnerability. I will always ask your permission before including your name.
No vulnerabilities have been reported yet.