# Security Policy

If you discover a security vulnerability in this project, please
report it privately. **Do not disclose it as a public issue.**

You may submit a report via email to
[Lasse Collin](mailto:lasse.collin@tukaani.org)
(OpenPGP key fingerprint: 3690 C240 CE51 B467 0D30 AD1C 38EE 757D 6918 4620),
or through
[Security Advisories](https://github.com/tukaani-project/xz/security/advisories/new).

This project is maintained by volunteers on a reasonable-effort basis.
Please give 30 days to work on a fix before public exposure,
reducing the chance that an exploit will be used before a patch is released.