This document describes the management of vulnerabilities for the tilloh.dev project.

Individuals who find potential vulnerabilities in tilloh.dev are invited to report them via email at tim-lohse@gmx.de.

Avoid creating new "informative" reports. Only create new report a potential vulnerability if you are absolutely sure this should be tagged as an actual vulnerability. Be careful on the maintainers time.

When a potential vulnerability is reported, the following actions are taken:

The owner of the project will answer to the individual who submitted the potential vulnerability and work on a possible solution.