Please do not announce of the vulnerability publicly until the fix is released. Thank you.
The following keys may be used to communicate sensitive information to developers:
You can import a key by running the following command with that individual’s fingerprint:
gpg --recv-keys "<fingerprint>"Ensure that you put quotes around fingerprints containing spaces.
After the initial reply to your report, you will be informed of the progress towards a fix and full announcement. You may be asked to provide additional information or guidance.
We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.