If you discover a security vulnerability within this project, please send an e-mail to aris@duck.com. Once the issue has been validated, we will open a Github Security Advisory, if necessary.
Once the security advisory has been opened, contributors can collaborate on a private fork to fix the vulnerability. When the issue has been resolved, we will alert users of the past vulnerability by publishing the security advisory.
All reports will be promptly addressed, and you'll be credited accordingly.