# Security Policy

## Reporting a Vulnerability

You can privately report security vulnerabilities to PHP-Textile team by opening a
[new draft security advisory](https://github.com/textile/php-textile/security/advisories/new)
to us on GitHub.

When opening a new advisory, take the following considerations into account:

* Before opening a security advisory, please try to confirm that the security
  issue is caused by PHP-Textile, and not by third-party or configuration
  error.
* Provide details as to the nature of the vulnerability, and examples of the steps to
  replicate it.
* PHP-Textile is a free, open-source project run by volunteers, and we do not offer monetary
  rewards or provide bug bounties for discovering security issues.
* Due to the volunteer-nature, our response times may not be immediate. We do kindly ask to allow
  us a reasonable amount of time to evaluate and correct the issue before making details public.