grapevine/book/contributing/security.md

Coordinated vulnerability disclosure

If you find a security vulnerability in Grapevine, please privately report it to the Grapevine maintainers in one of the following ways:

• Open a GitLab issue that's marked as confidential
• Create a private, invite-only, E2EE Matrix room and invite the following users:
  • @charles:computer.surgery
  • @olivia:computer.surgery
  • @xiretza:xiretza.xyz

If the maintainers determine that the vulnerability is shared with Conduit or other forks, we'll work with their teams to ensure that all affected projects can release a fix at the same time.