Please open an issue on GitHub to report security issues. If you believe your security issue is too sensitive for a public issue, email diabotsecurity@vobar.eu

Please do not use PGP encryption (old public keys for this address exist). If you insist on using an encrypted channel, you can send a message on Signal: cas.304

If you think that there might be a security issue in the Diabot code, please run your own instance of the bot to test this. This way, the chance of accidentally exposing private data is reduced. If you believe that the potential issue cannot be reproduced without using the live version of diabot, please email diabotsecurity@vobar.eu or reach out on Signal at cas.304 to ask for permission before attempting to reproduce the issue.