If you find a security vulnerability, do NOT open an issue. Email daniel@bartholomae.name instead. This reduces the risk of criminals getting aware and exploiting the vulnerability before we got a chance to fix it.
In order to determine whether you are dealing with a security issue, ask yourself these two questions:
- Can I access something that's not mine, or something I shouldn't have access to?
- Can I disable something for other people?
If the answer to either of those two questions are "yes", then you're probably dealing with a security issue. Note that even if you answer "no" to both questions, you may still be dealing with a security issue, so if you're unsure, just email us at daniel@bartholomae.name.
If the bug is not security related, please use the corresponding issue template to submit it on GitHub.