The peribolos maintainers take all security issues seriously. Thank you for improving the security of peribolos. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Report security vulnerabilities using GitHub's private vulnerability reporting.

Please include the following details in your report:
- A description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Any known mitigations

Please do not report security vulnerabilities through public GitHub issues.

When a vulnerability is reported, the maintainers will:
- Acknowledge the report within three (3) business days.
- Investigate the issue, confirm the vulnerability, and determine affected versions.
- Provide a detailed response within an additional three (3) business days, including an assessment and planned timeline for a fix.
- Audit the codebase for similar issues.
- Prepare fixes for all maintained releases and coordinate disclosure.

We follow a coordinated disclosure process:
- Reporters will be kept informed of progress throughout the process.
- Fixes will be prepared and tested before any public disclosure.
- Credit will be given to reporters in release notes (unless anonymity is requested).

If you do not receive a timely response via GitHub, or if you are unable to use the private vulnerability reporting feature, please contact the uwu-tools team.

If you have suggestions for how this security process could be improved, please submit a pull request or open an issue.