If you believe you have found a security vulnerability in Mango, please report it to us as soon as possible. Please DO NOT file a public issue, instead send your report privately to security@geeekboy.com.

Our security team will acknowledge your report, and will send a more detailed response to your email within 72 hours indicating the next steps in handling your report. After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made towards a fix and full announcement, and may ask for additional information or guidance.

DO NOT discuss your report with others until it has been resolved, or you have been given explicit permission to do so. Please do not reveal details about the vulnerability until it has been resolved or you will be held accountable for any damages caused by the disclosure.

We do not offer bounties for security vulnerabilities. We do however offer a thank you in the release notes of the next version, and a shout out on our social media accounts.