Do not report vulnerabilities through public GitHub issues, discussions, pull requests, or any other public form of communication.

Please directly email [email protected] to report vulnerabilities. Depending on the severity of the vulnerability, and to our sole discretion, we may choose to award a bug bounty for the vulnerability disclosure.

To send us a PGP encrypted email, download our key at keys.openpgp.org (Fingerprint 449BBAF932DB3E7F0EDB345FAF515CC322F47EF4)