Report a Security Issue

If you think you found a security related problem, please report it responsibly.

For security-related issues, please do not report these on the normal issue tracker. Contact the security team instead.

You can reach the security team confidentially by email at


Only bug reports submitted directly to the security team email will be treated as responsible disclosure. Any offered for sale to third parties or submitted to public bug bounty programmes will be treated as irresponsible public disclosure. We will not confirm any submissions on third party platforms such as "huntr" or "hackerone" and do not give permission for those systems to accept reports on our behalf or to represent themselves as a conduit for vulnerability reports.