You can report security vulnerability at Report a problem
- Reports are manually made public so any kind of security bug reports are absolutely fine to go through the usual channel.
- Security bugs and vulnerabilities will not be made public, until a patch has been out for no less than 14 days, to give users a chance to update.
- By default, I keep all user details out of any bug report to protect user privacy. This applies to security flaw or otherwise.
- If you want your name and/or email to be included in the final public report (once a patch has been released), please do mention it at the bottom of the report.
Thank you for keeping Felicity safe for everyone.