If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
You may submit the report in the following ways:
- send an email to brice.goglin@inria.fr; and/or
- send us a private vulnerability report
Please provide the following information in your report:
- A description of the vulnerability and its impact
- How to reproduce the issue
Security fixes will only be applied to active stable branches (usually the last two stable branches, e.g. v2.9 and v2.8). Older branches might be considered if there is a strong reason not to upgrade.