Please do not report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities through this form. The form is configured in such a way that only the reporter and the team leader can see the details. By restricting access to this potentially sensitive information, we can work on a fix and deliver it, before a vulnerability becomes well known.
If you have submitted a properly filled out report, the project maintainers will look into your report shortly.
You should receive a response within few hours or days. If not inform us on our communication options that you have filled out the form without including any information.
Keep in mind, that we may choose to reject issues, if they are not feasible for us to address, due limitations or implementations of the codebase.
We will credit reporters who informed us in private by filling out the form above in security releases published.
We prefer all communications to be in English or in exceptional cases in German.