Please report security issues by emailing :email:

Most normal bugs :bug: can be reported by opening a GitHub issue, but due to the sensitive nature of security issues, we ask that they not be publicly reported in this fashion.

Instead, if you believe you’ve found something that has security implications, please send a description of the issue via email to

Mail sent to can be encrypted :lock_with_ink_pen: with our PGP public key :key:

Once you’ve submitted an issue via email, you should receive an acknowledgment from us, and depending on the action to be taken, you may receive further followup emails.

:thought_balloon: Inspired by and freely adapted from Django’s security policies.