All vulnerabilities should be reported via email to [email protected] (possible to send end-to-end encrypted).

Please include the following information in your report:

• Type of issue (cross-site scripting, SQL injection, remote code execution, etc.)
• Version with the bug
• The potential impact of the vulnerability (i.e. what data can be accessed or modified)
• Step-by-step instructions to reproduce the issue
• Any proof-of-concept or exploit code required to reproduce