Help! I’ve found a security bug!

Don’t panic, they happen. If you’ve found a security issue in any Charcoal project, please don’t post it publicly (including in Charcoal HQ, our chatroom). Instead, email details of the vulnerability to [email protected], which is a mailing list that will reach the necessary people. They’ll have a look and confirm whether or not it’s a security issue, and deal with it appropriately.

Which projects matter most?

If you find a security bug in any of the projects in the list below, please let us know as soon as possible - these are projects which are critical to what Charcoal does or to the security of core Charcoal software.