This document outlines security procedures and general policies for projects run by @wesleytodd.
Report security bugs by emailing [email protected].
To ensure the timely response to your report, please ensure that the entirety of the report is contained within the email body and not solely behind a web link or an attachment.
I will acknowledge your email within one week, and will send a more detailed response within one week indicating the next steps in handling your report.
Report security bugs in third-party modules to the person or team maintaining the module.
Alpha and Beta releases are unstable and not suitable for production use. Vulnerabilities found in pre-releases should be reported according to the Reporting a Bug section. Due to the unstable nature of the branch it is not guaranteed that any fixes will be released in the next pre-release.
Each project may have it's own thread model. This reporting doc is shared among many projects, so please reference the project specific thread model when available.
If you have suggestions on how this process could be improved please submit a pull request.