I take the security of this project seriously and appreciate the efforts of security researchers in identifying and responsibly disclosing security vulnerabilities.
If you believe you've discovered a security vulnerability in this project, I encourage you to report it to me confidentially. To report a security vulnerability, please follow these steps:
-
Do Not Disclose Publicly: Please do not share potential vulnerabilities publicly until I have had a chance to address them.
-
Email Notification: Send an email to Hamza Rizwan describing the potential vulnerability. Please include the following details in your report:
- Description of the vulnerability and the potential impact.
- Steps to reproduce the vulnerability.
- Any relevant technical details that could assist in reproducing or understanding the issue.
-
Wait for Response: You should receive an acknowledgment of your report within a few hours. I will work with you to understand and verify the issue.
-
Cooperation: I appreciate your cooperation in keeping the details of the vulnerability confidential until we've resolved the issue.
I kindly request that security researchers:
- Provide a reasonable amount of time for me to investigate and address the vulnerability before publicly disclosing it.
- Make a good faith effort to avoid privacy violations, destruction of data, and disruption of services.
- Only interact with accounts and data you own or have explicit permission to access.
I consider security research to be an important contribution to the health and security of this project. I will not pursue legal action against individuals who report security vulnerabilities in accordance with these guidelines. I do, however, expect security researchers to act responsibly and within the bounds of the law.
Thank you for your contribution to the security of this project.