Security is very important to us.
If you have discovered a security issue, please contact [email protected] directly. Please refrain from directly creating a GitHub issue and publicly disclosing the vulnerability. We prefer a Coordinated Vulnerability Disclosure (CVD) to properly understand and fix the root cause problem.
Your report should include:
- Product version (GitHub commit hash or DockerHub sha256 digest hash)
- The affected component if possible (client.js, server.js, etc.)
- A vulnerability description
- Reproduction steps
A member of the security team will confirm the vulnerability, determine its impact, and develop a fix. The fix will be applied to the master branch, tested, and packaged in the next security release.
Thanks in advance for your support to make our products safer!