As development is still ongoing, please only submit vulnerabilities that affect the latest version of this repository. To check that an identified vulnerability is still present, run git checkout main; git pull and then relocate the vulnerability. A vulnerability does not need to be identified in code before it is reported; as long as any behavior that is insecure persists, please do not hesitate to report it.

This repository uses GitHub's private vulnerability reporting process. To report a new potential vulnerability, navigate to the Security tab and create a new draft advisory, which will be reviewed by epispot maintainers within 2 days. Do not create an issue or other public disclosure of the vulnerability, as that could put other users at risk.