Coordinated vulnerability disclosure
If you find a security vulnerability in Grapevine, please privately report it to the Grapevine maintainers in one of the following ways:
- Open a GitLab issue that's marked as confidential
- Create a private, invite-only, E2EE Matrix room and invite the following
users:
@charles:computer.surgery@olivia:computer.surgery@xiretza:xiretza.xyz
If the maintainers determine that the vulnerability is shared with Conduit or other forks, we'll work with their teams to ensure that all affected projects can release a fix at the same time.