# Coordinated vulnerability disclosure

If you find a security vulnerability in Grapevine, please privately report it to
the Grapevine maintainers in one of the following ways:

* Open a GitLab issue that's marked as confidential
* Create a private, invite-only, E2EE Matrix room and invite the following
  users:
  * `@charles:computer.surgery`
  * `@olivia:computer.surgery`
  * `@xiretza:xiretza.xyz`

If the maintainers determine that the vulnerability is shared with Conduit or
other forks, we'll work with their teams to ensure that all affected projects
can release a fix at the same time.