Security: niosh-mining/opsdata

SECURITY.md

Security

The maintainers of this project take security seriously and encourage the reporting of potential security issues. If you believe you have found a security vulnerability in any NIOSH Mining repository, please report it to us as described below.

Reporting Security Issues

Please do not report security vulnerabilities through public GitHub issues.

If you suspect that you have found a security issue, the most efficient way to report it is to use the "Report a vulnerability" button under the "Security" tab of the associated GitHub project. This creates a private communication channel between the reporter and the maintainers. We will try to respond to you within two business days.

If, for some reason, you are unable to use GitHub's reporting features, you may reach out to mining@cdc.gov, but this may result in a delay in receiving the report.

Please make it easy for us to understand and mitigate the issue by providing as much of the following information as possible:

  • Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
  • The location of the affected source code (tag/branch/commit or direct URL)
  • Step-by-step instructions to reproduce the issue
  • Proof-of-concept or exploit code (if possible)
  • Impact of the issue, including how an attacker might exploit the issue

This information will help us triage your report more quickly.
