Report security bugs via github.

When reporting security vulnerabilities, reporters must adhere to the following guidelines:

1. No Harmful Actions: Security research and vulnerability reporting must not:

   • Cause damage to running systems or production environments.
   • Disrupt development or infrastructure.
   • Affect other users' applications or systems.
   • Include actual exploits that could harm users.
   • Involve social engineering or phishing attempts.

2. Responsible Testing: When testing potential vulnerabilities:

   • Use isolated, controlled environments.
   • Do not test on production systems without prior authorization.
   • Do not attempt to access or modify other users' data.
   • Immediately stop testing if unauthorized access is gained accidentally.

3. Report Quality

   • Provide clear, detailed steps to reproduce the vulnerability.
   • Include only the minimum proof of concept required to demonstrate the issue.
   • Remove any malicious payloads or components that could cause harm.

Failure to follow these guidelines may result in rejection of the vulnerability report.