This project is currently in beta. Only the latest published version receives security fixes.

Please do not report security vulnerabilities through public GitHub issues.

To report a vulnerability, email the maintainers directly:

• Boaz Poolman — boaz.poolman@strapi.io

Include as much of the following as possible:

• A description of the vulnerability and its potential impact.
• The affected package(s) and version(s).
• Steps to reproduce or a proof-of-concept.
• Any suggested mitigations.

You can expect an acknowledgement within 48 hours and a status update within 7 days. We will coordinate a fix and disclosure timeline with you.

We follow a coordinated disclosure model. We ask that you give us a reasonable amount of time to address the issue before any public disclosure.