Please report (suspected) security vulnerabilities to Z3R0@duck.com. You will receive a response from us within 48 hours. After the initial reply, we will keep you informed of the progress towards a fix and full announcement, and we may ask for additional information or guidance.

Do not report security vulnerabilities through public GitHub issues.

If possible, please include the following information in your report:

• The version of our project you are using
• What you were doing when you found the vulnerability
• What you expected to happen
• What actually happens
• Steps to reproduce the vulnerability

We take all security bugs in our project seriously. Thank you for improving the security of CNBC. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Update policy:

• We will investigate any vulnerabilities reported to us.
• Once confirmed, we will take the following steps:
  • Patch the issue and release an update.
  • Notify GitHub about the vulnerability if it affects multiple versions.
  • Announce the update and thank the security researcher who reported it.

This section is for you to explain how users should update their software to apply security updates you release, possibly with links to the changelog or downloads page.

Thank you for supporting our project and working to improve its security.