If you believe you found a security vulnerability, please do not share it publicly. Follow the responsible disclosure procedure by submitting a private message. You can do so on GitHub (see the "Security") tab or on matrix (message @einliterflasche2:matrix.org or @binarybaron:matrix.org).

To help us understand the nature and scope of the potential issue, please provide as much information as possible, including a description of the vulnerability, its potential impact, and steps for reproducing it or proof of concept.

We ask that you do not disclose the issue to others until we've had a chance to address it.

Please encrypt any reports using one of our GPG keys (link).

Upon receiving a vulnerability report, we commit to:

• Acknowledging receipt of your report in a timely manner.
• Providing an estimated timeline for addressing the vulnerability.
• Keeping you informed about the progress of addressing the vulnerability.
• Publicly acknowledging your contribution, if you wish, once the vulnerability has been resolved.