Please report security vulnerabilities via GitHub private vulnerability reporting. This is the preferred method.

If you are unable to use GitHub private reporting, you may contact the point of contact (POC) directly:

David A. Wheeler dwheeler-NOSPAM (at) linuxfoundation (dot) org.

Please include as much detail as possible: a description of the issue, steps to reproduce, and any potential impact. If you have proposed fix(es), or other analysis to help address it, please provide that as well.

We aim to acknowledge reports promptly and will work with you to address confirmed vulnerabilities.