Security vulnerability disclosure

If you discover a security vulnerability, you can report it to us via any of the below channels:

Open an issue of type "Security" on the issue tracker. Make sure to set "Confidential" to "Yes" if the vulnerability details are not already public.
Send your PGP key to security@iceshrimp.dev. After secure communication is established, send us the vulnerability details as an encrypted message.

This will allow us to assess the risk & make a fix available before the vulnerability is disclosed publicly.