Thank you for reporting security vulnerabilities to Cryptography. Security is a top priority for this project, and they will be addressed as quickly as possible. Please report any security issues via email. Do not report security issues via GitHub issues, as they are public and may be seen by malicious actors before they can be addressed.
When reporting a security vulnerability, please include the following information in your email:
- To: Jin Yu Zhang (siegesailor@gmail.com)
- Subject: Brief Description of the Vulnerability in Cryptography x.y.z
- Body:
- Full paths of source file(s) related to the vulnerability
- Any special configuration required to reproduce the vulnerability
- Step-by-step instructions to reproduce the vulnerability
- Impact of the issue, including how an attacker can exploit it and what damage it can cause
- Attach your GitHub profile link if you would like to be credited for the report
You should get a response as soon as we make plans to address the vulnerability and create issues.