Please do NOT create a public bug report if you think you found a security issue. Instead, please contact me directly via email: [email protected].
Only bug reports submitted directly to me will be treated as responsible disclosure. Any offered for sale to third parties or submitted to public bug bounty programmes will be treated as irresponsible public disclosure. I will not confirm any submissions on third party platforms such as "huntr" or "hackerone" and do not give permission for those systems to accept reports on my behalf or to represent themselves as a conduit for vulnerability reports.