Security Policy

To report a (potential or confirmed) security issue, please email with a description of the issue, steps to reproduce it, affected versions, and if known, mitigations for the issue.

Since this is a small project, there’s no list of supported versions. I will attempt to reply to reports within a working week, and to fix and disclose vulnerabilities within 90 days, but this is not a guarantee.

Optionally, you can encrypt the email with my GPG key, see for details

Alternatively, you can use the GitHub “Private vulnerability reporting” functionality (but note this is beta).