Feel welcome to report any issues you have or suggest improvements for Weblate there.
There are various templates prepared to comfortably guide you through the issue report.
Weblate’s development team is strongly committed to responsible reporting and
disclosure of security-related issues. We have adopted and follow policies that
are geared toward delivering timely security updates to Weblate.
Most normal bugs in Weblate are reported to our public GitHub issues tracker, but due to the sensitive
nature of security issues, we ask that they not be publicly reported in this
fashion.
Instead, if you believe you’ve found something in Weblate that has security
implications, please submit a description of the issue to security@weblate.org,
GitHub,
or using HackerOne.
A member of the security team will respond to you within 48 hours, and
depending on what action is taken, you may get more follow-up emails.
Примечание
Sending encrypted reports
If you want to send an encrypted email (optional), please use the public
key for michal@weblate.org with ID 3CB1DF1EF12CF2AC0EE5A329C27B31342B7511D. This public key is available on the most commonly used key servers,
and from Keybase.
Подсказка
Дабы выполнять различные задачи, Weblate также зависит от множества сторонних компонентов. В случае если вы нашли уязвимость прямо в одном из них, то сообщите о ней непосредственно в соответствующий проект.