Found a security issue in GoAccess? Read on.

GoAccess takes all security bugs seriously. Thank you for improving the security of goaccess. I appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Vulnerabilities should be reported to hello@goaccess.io which is a private, maintainer-only email address.

When I receive a security bug report, I will work on the fix and prepare a release including the following steps:

• Confirm the problem and determine the affected versions.
• Audit the code to find any potential similar problems.

If you have suggestions on how this process could be improved please submit a pull request.

When reporting an issue, where possible, please provide the following (if possible):

• Commit version where the issue was introduced.
• A proof of concept (plaintext; or ideally send a patch to same email address)
• Steps to reproduce
• Your recommended fixes, if any.

Note: Please do not open public issues for security issues, as GitHub does not provide facility for private issues, and deleting the issue makes it hard to triage/respond back to the reporter.