If you find a security vulnerability, do NOT open an issue. Instead, report the vulnerability on the security advisories page. This reduces the risk of criminals getting aware and exploiting the vulnerability before we got a chance to fix it.

In order to determine whether you are dealing with a security issue, ask yourself these two questions:

• Can I access something that's not mine, or something I shouldn't have access to?
• Can I disable something for other people?

If the answer to either of those two questions are "yes", then you're probably dealing with a security issue. Note that even if you answer "no" to both questions, you may still be dealing with a security issue, so if you're unsure, please report on the security advisories page.

If the bug is not security related, please use the corresponding issue template to submit it on GitHub.