The project is currently in 0.x unstable release. Security updates are applied only to the latest released version in the 0.x series.

Please report security vulnerabilities using one of the following private channels (do not open public issues for security-sensitive bugs):

• GitHub Private Vulnerability Reporting / Security Advisories: Use the "Report a vulnerability" option from the repository's Security tab on GitHub, if available.
• Email: Send an email to hi@gyk.me. For sensitive reports, you may use GPG encryption. Public key: keys.openpgp.org/search?q=hi@gyk.me. Fingerprint: 74CD74ED23BE55F18FB8B61F9682F1C631F993B0.

• Acknowledgment: You should receive an acknowledgment within 48 hours.
• Update: We will provide updates on the reported vulnerability as we investigate and work on a fix.
• Resolution: If accepted, we will release a fix and credit you (unless you prefer to stay anonymous). If declined, we will explain the reasoning.
• Disclosure: Please allow reasonable time for a fix before public disclosure.