We currently accept reports for vulnerabilities on all published versions of the project.

You can disclose vulnerabilities securely through the Netflix Bugcrowd site. When reporting a finding, mention the project name or repository in the title and the report will find its way to the correct people.

Please note that at the moment, the Metaflow project does not offer a bounty for any disclosure.