While we try to be proactive in preventing security problems, unfortunately, it is inevitable that security flaws will be discovered in all software, including our own. It is standard practice in open source to responsibly and privately disclose to the vendor — in this case Marc Bernard Tools — a security problem before publicizing, so a fix can be prepared, and we can take proactive steps to protect the users of Marc Bernard Tools.

Security updates for Marc Bernard Tools will be integrated as soon as possible. Therefore, update to the latest version to include all known security patches.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

We will send a response indicating the next steps in handling your report. After the initial reply to your report, we will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

Report security bugs in third-party modules to the person or team maintaining the module.

In all cases, you should not share the details with anyone else until after the fix for the bug has been officially released to the public.