
Security: deleteonerror/tinyPKI

SECURITY.md

Security Policy

Supported Versions

Version Supported
0.1.x
< 0.1

Reporting a Vulnerability

We appreciate the community's efforts in helping us maintain the security of the project. If you discover a security vulnerability, we encourage you to report it responsibly to ensure timely and effective resolution. To report a vulnerability, please follow these steps:

Step 1: Send an Email to the Security Team

Please submit a detailed report to our dedicated security email: security@deleteonerror.com. If you prefer, you can also reach out to us through a private channel as requested.

Step 2: Include Essential Information

In your vulnerability report, provide a clear and concise description of the vulnerability. Include the steps to reproduce the issue, along with any relevant technical details. The more information you can provide, the easier it will be for our team to assess and address the vulnerability promptly.

Step 3: Responsible Disclosure

Please refrain from publicly disclosing the vulnerability until we have had a chance to investigate and apply appropriate fixes. We appreciate responsible disclosure to protect our users and give us time to mitigate the issue.

What to Expect

Once you've submitted a vulnerability report, here's what you can expect:

  • Acknowledgment: We are committed to acknowledging receipt of your vulnerability report within 48 hours.
  • Investigation: Our security team will review the reported vulnerability and assess its severity and impact on the project.
  • Response Time: You can generally expect a status update or request for additional information within 7 business days. Please understand that the response time may vary depending on the complexity and urgency of the reported issue.
  • Coordination: If the vulnerability is accepted, we will work with you to determine the appropriate timeframe for releasing the fix and coordinating any public disclosure, if necessary.

Vulnerability Acceptance or Declination

While we highly value all vulnerability reports, there might be cases where a reported vulnerability may not qualify for immediate action. Reasons for vulnerability declination may include:

  • Out of Scope: The reported issue falls outside the scope of our project's security policy.
  • Duplicate: The vulnerability has already been reported by someone else.
  • Insufficient Impact: The security impact of the vulnerability is minimal.
  • Non-Exploitable: The issue does not pose a security risk, or it cannot be exploited.

Responsible Disclosure

We understand that responsible security researchers may wish to be credited for their efforts. If you'd like to be publicly acknowledged for your responsible disclosure, please let us know in your initial report.

Thank you for contributing to the security of our open-source project and helping us create a safer environment for all users and contributors. Your collaboration is vital in ensuring the continuous improvement and integrity of our project.
