If you find a security bug in this repository, follow the responsible disclosure principles and these guidelines:

• Do not send a normal issue (issue) or pull request in our public repository, instead report it through our Bug Bounty or directly to [email protected] (if necessary, we encrypt it)

• We will review your submission and be able to follow up for additional details If you have a patch, we will review it and approve it privately; once approved for launch, you can submit it as a pull request publicly at our repos (we give credit when credit is due)

• We will keep you informed during our investigation, feel free to check for a status update

• We will release the fix and publicly disclose the issue as soon as possible, but we want to ensure due diligence before launch

• Do not post a blog or post about the security issue until we’ve updated the public repository so that other downstream users have the opportunity to fix