We take security seriously and welcome all reports.

Please DO NOT file a public issue, instead send your report privately to [email protected]

Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.

Reported vulnerabilities will be analyzed swiftly.

Dependencies of this project are checked against known vulnerabilities with the OWASP dependency-check -tool. Dependency checks are run periodically once per day and on every push to the repository.

More info about the tool can be found here: https://jeremylong.github.io/DependencyCheck/index.html