- Email: Send vulnerability reports via email to [email protected].
- Details: Include description, impact, reproduction steps, and proof-of-concept if applicable.
- Confidentiality: Do not disclose vulnerabilities publicly until a fix is released.
- Acknowledge: We will acknowledge receipt within 48 hours.
- Assess: Initial assessment and response within 7 days.
- Fix: Develop and release a patch promptly.
- Credit: Acknowledge contributors unless anonymity is requested.