Vulnerability Disclosure Policy

Reporting vulnerabilities

We welcome reports regarding vulnerabilities in our infrastructure. You can send PGP-encrypted mail to The public PGP key can be found at


We aim to create patches for vulnerabilities that are found within 2 weeks of the submitted report. In case the vulnerability involves multiple system components we aim to create patches and deploy within a month of the submitted report date.