Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

@zidingz This project has no real "owner" - nobody works on it regularly. If you have a patch that fixes the security issue, please submit it as a PR.

Otherwise, I'd just open a ticket that describes the problem. If there is anyone out there using this project that feels it's urgent enough to fix, they'll submit a PR.

Responsible disclosure only works when there's a maintenance team. In this case, there isn't.

If someone out there notices this ticket and is willing to work with @zidingz on the issue, feel free to chime in here.