DO NOT CREATE AN ISSUE to report a major security problem. Instead, email us at me@ruk.si or send a private message to any of the maintainers.

You can expect to receive a response within 48 hours.

The maintainers will try their best to fix the issue before going public with it. A public announcement is done briefly after the issue has been fixed.

This is an open source project so there is no reward or compensation, but we'll make sure you will get the credit after the incident response.

1. If the problem is ongoing, fix it.
2. If the problem is external and ongoing, contain it.
3. Figure out who are affected and discretely inform them if possible.
4. Go public with an incident report.