Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, report them privately using GitHub's private vulnerability reporting: go to the repository's Security tab and click Report a vulnerability. Alternatively, email security@tigrisdata.com.
Please include as much of the following as you can:
- a description of the vulnerability and its potential impact,
- steps to reproduce, ideally with a proof of concept,
- the affected version(s) or commit, and
- any suggested remediation.
We will acknowledge your report, work with you to assess and fix the issue, and coordinate on disclosure timing. Please give us a reasonable opportunity to remediate before any public disclosure.
Security fixes are provided on a best-effort basis for the latest released version. Please include the affected version(s), and reproduce on the latest release when possible.