Reporting a Vulnerability¶
If you find a security vulnerability in one of my projects, please follow these steps:
- Do NOT comment about the vulnerability publicly.
[email protected]with the following format:
Subject: (PROJECT NAME HERE) Security Risk HOW TO EXPLOIT Give exact details I can replicate it. OTHER INFORMATION If anything else needs to be said, put it here.
Please be patient. You will get an email back soon.
If a project is marked as Deprecated / Unstable, I won't fix the issue unless it is critical, but will document that it exists for potential users of the project.
The reasoning behind this is that projects under that status are not being updated anymore, and should not be relied on.