This project is currently in an experimental phase, signified by major version number 0.
| Version | Supported |
|---|---|
| 0.3.x | ✅ |
| < 0.3 | ❌ |
Please do not report security vulnerabilities publicly. Email is preferred, to [email protected].
PGP/GPG encryption to this mailbox is accepted, using keys with fingerprint 002254bb or 91650912. These keys should be cross-checkable via keyoxide.org, keys.openpgp.org, keyserver.ubuntu.com and possibly other servers.
Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
- Type of issue (e.g. buffer overflow, information leakage, cryptographic attack)
- Full paths of source file(s) related to the manifestation of the issue
- The location of the affected source code (tag/branch/commit or direct URL)
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit the issue
We will acknowledge reports ASAP. However, this is a spare-time project, so we cannot guarantee a timescale for a detailed response.
We do not operate a bug bounty program.
We prefer all communications to be in English.
We believe in Responsible Disclosure and will follow a Coordinated Vulnerability Disclosure model where requested to.