# Security Policy

This project is covered by the Drupal security advisory process, which is
facilitated by the Drupal Security Team.

To report a security vulnerability, follow the [process for reporting a Drupal
Security issue](https://www.drupal.org/docs/develop/issues/issue-procedures-and-etiquette/reporting-a-security-issue).

Do not disclose the nature of the vulnerability in public. The Drupal Security
Team will publish an advisory and issue a CVE once a fix is available.

[Learn more about the Drupal Security Team](https://www.drupal.org/drupal-security-team).