If you discover a security vulnerability within is-one-one, please send an email to the maintainers. All security vulnerabilities will be promptly addressed.

Please do not report security vulnerabilities through public GitHub issues.

When we receive a security bug report, we will:

1. Confirm receipt of the vulnerability report
2. Investigate and determine the impact
3. Work on a fix
4. Release the fix and publicly announce the vulnerability

We appreciate your help in keeping the project secure.