This document defines security reporting, handling and disclosure for the Timoni project.
You can privately disclose a vulnerability through GitHub's private vulnerability reporting mechanism.
Another option is to contact Stefan Prodan on Keybase messenger at
keybase.io/stefanprodan
(fingerprint 613BF2C4D985BBCB1474123F5A00A04500683EBD).
You will be able to choose if you want public acknowledgement of your effort and how you would like to be credited.
Vulnerability disclosures are made public on GitHub's security advisories page.
Disclosures will contain an overview, details about the vulnerability, a fix that will typically be an update, and optionally a workaround if one is available.
Disclosures will be made public in a timely manner after a release is published that fixes the vulnerability.