If you discover a security vulnerability within Timber, please submit your report via the link below. Please be mindful of the fact that the maintainers are working on Timber in their free time, so the initial response can take some time.

Please do not discuss any vulnerabilities (even resolved ones) without express consent.

When you've found a security issue that abides by the rules and scope of this project, please submit the report to us via GitHub. In your report, make sure to include a detailed guide on how to reproduce the issue.

We will make a best effort to meet the following response targets for security reports:

• Time to first response (from report submit) - 5 business days
• Time to triage (from report submit) - 10 business days
• Time to fix (from triage) - 15 business days