Security: kourosh-alasti/passjen

SECURITY.md

Security Policy

Reporting a Vulnerability

If you discover a vulnerability in this package, please report it to the project maintainers privately. You can use the following contact information:

Please do not publicly disclose the vulnerability until it has been addressed and a fix has been released.

Reporting Process

Once you have reported a vulnerability, the project maintainers will acknowledge your report and investigate it promptly. They will work together to understand the scope of the issue, prioritize it, and develop a plan to address it.

During the investigation, the project maintainers will:

  • Confirm the vulnerability's existence.
  • Determine the affected versions of the package.
  • Assess the severity of the vulnerability.
  • Prioritize the vulnerability based on its impact and the availability of a fix.

Once the vulnerability has been assessed and a plan has been developed, the project maintainers will:

  • Work with you to understand the steps required to reproduce the vulnerability.
  • Apply the necessary fixes to address the vulnerability.
  • Test the fixes to ensure they have been successfully implemented.
  • Release a new version of the package with the fixes.
  • Communicate the vulnerability, its impact, and the steps to mitigate it to the affected users.

Disclosure Policy

The project maintainers will disclose the vulnerability to the public as soon as a fix has been released and a reasonable amount of time has passed since the vulnerability was reported. This allows affected users to take appropriate action and mitigate the risk.

The disclosure will include:

  • A detailed description of the vulnerability.
  • The affected versions of the package.
  • The steps required to reproduce the vulnerability.
  • The steps to mitigate the vulnerability.
  • The release date of the fixed version of the package.

Thank you for helping to keep this package secure!

Author

This security policy was published by Kourosh Alasti [email protected]

There aren’t any published security advisories