Short version: please report security issues by emailing [email protected].
If you discover security issues in Open Inwoner or related projects under the same organization, we request you to disclose these in a responsible way by e-mailing to [email protected].
It is extremely useful if you have a reproducible test case and/or clear steps on how to reproduce the vulnerability.
Please do not report security issues on the public Github issue tracker, as this makes it visible which exploits exist before a fix is available, potentially comprising a lot of unprotected instances.
Once you’ve submitted an issue via email, you should receive an acknowledgment from a member of the security team as soon as possible, and depending on the action to be taken, you may receive further followup emails.