Reporting a Vulnerability
If you find a security vulnerability in one of my projects, please follow these steps:
- Do NOT comment about the vulnerability publicly.
- Email [email protected] with the following format:
Subject: (PROJECT NAME HERE) Security Risk

Give exact details I can use to replicate it. If anything else needs to be said, put it here.

In cases of security risks, there is no such thing as too little information.
Please be patient. You will get an email back soon.
If a project is marked as Deprecated / Unstable, I won't fix the issue unless it is critical, but will document that it exists for potential users of the project.
The reasoning behind this is that projects under that status are not being updated anymore, and should not be relied on.