If you discover a security vulnerability in this extension, please do not open a public issue.
Instead, report it privately by emailing:
Include as much detail as possible:
- Description of the vulnerability
- Steps to reproduce
- Affected versions
- Potential impact
- Acknowledgement: within 48 hours
- Initial assessment: within 7 days
- Fix or mitigation: as soon as reasonably possible, depending on severity
Security fixes are provided for the latest released version. Older versions may receive fixes on a case-by-case basis.
We follow coordinated disclosure. Once a fix is released, we will credit the reporter (unless anonymity is requested) and publish details in the CHANGELOG.