If you think you have discovered a security issue within any part of this codebase, please let us know by providing a description of the flaw and any related information (e.g. steps to reproduce, version, etc.). There are two ways to report a security bug:

• The first way is to submit a report to HackerOne. This way of submitting a report will make you eligible for a bounty but will require you to follow a certain process, including possible limitations on when the results can be publicly disclosed.

• If you do not wish to submit via HackerOne, then you can send us a direct email at [email protected]. This way of submitting a report will not make you eligible for a bounty but will allow you to responsibly disclose on your terms.