SECURITY.md

If you discover a vulnerability, please do the following:

• E-mail your findings to scott_s829 [at] 163 [dot] com.
• Do not take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
• Do not reveal the problem to others until it has been resolved.
• Do not use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.
• Do provide sufficient information to reproduce the problem, so we will be able to resolve it as quickly as possible. Complex vulnerabilities may require further explanation!