Security Disclosures

Reporting a Vulnerability

To report security issues send an email to

Please do not announce of the vulnerability publicly until the fix is released. Thank you.

The following keys may be used to communicate sensitive information to developers:




AB22 4F6F 2ED1 1812 47E7 1D83 5CDE 5043 6C3D B40C

You can import a key by running the following command with that individual’s fingerprint: gpg --recv-keys "<fingerprint>" Ensure that you put quotes around fingerprints containing spaces.

After the initial reply to your report, you will be informed of the progress towards a fix and full announcement. You may be asked to provide additional information or guidance.

We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.