Security is a key part of software development. We're not perfect, but we try our best to keep Txts secure. If you find a security issue, please report it to us as soon as possible. Instructions on how to responsibly do so can be found below.
GitHub has a built-in security vulnerability reporting system, which we utilize in tracking and resolving security issues. To report a vulnerability, please follow these steps:
- Open the reporting form
- Fill out the title and description template, providing as much detail as possible. Don't clear the provided template.
- Ignore the "Affected products" field - this does not apply to us.
- Fill out the severity section by either selecting a severity or using the CVSS calculator.
- If you know the CWE ID, please provide it. Otherwise, leave it blank.
- Submit the form.
We will respond to your report as soon as possible. If we need more information, we will ask for it through the GitHub report. Once we have enough information, we will begin working on a fix. Once the fix is ready, we will release a patch, close the report, and optionally release a public statement to users.