If you discover a security vulnerability in this project, please report it responsibly by emailing:
Please do not open a public GitHub issue for security vulnerabilities.
- A description of the vulnerability and its potential impact
- Steps to reproduce the issue (proof-of-concept or exploit code if applicable)
- Any relevant logs, screenshots, or other supporting information
- The version or commit hash where the issue was found
We follow a coordinated (responsible) disclosure process:
- Report — Send your findings to tmanik@internet2.edu.
- Acknowledgement — We will acknowledge receipt of your report within 5 business days.
- Investigation — We will investigate the issue and keep you informed of our progress.
- Fix — We will work to remediate confirmed vulnerabilities in a timely manner.
- Disclosure — We will coordinate with you on an appropriate timeline for public disclosure after a fix is available.
We ask that you give us a reasonable amount of time to address the issue before any public disclosure.
We only provide security fixes for the latest version of this project.
For non-security-related issues, please open a GitHub issue.