Please don't file security-related issues in the Issues section of this repository, or publicly disclose them without first contacting us. We operate a Coordinated Disclosure approach and will work with you in good faith to responsibly fix and publicly disclose security issues appropriately.
Checklist for reporting security issues:
- Don’t disclose the issue publicly
- Document the issue to help us understand how to fix it
- Report the security issue to us directly via web.standards@dia.govt.nz
- Be professional and clear in your communications
- Wait to hear back from us
- Provide any follow up information if requested to help resolve the issue
- Work with us on timing and publishing of the security issue