Short version: please report security issues by emailing [email protected].
Most normal bugs in Iaso are reported to our GitHub issues, but due to the sensitive nature of security issues, we ask that they not be publicly reported in this fashion.
Instead, if you believe you’ve found something in Iaso which has security implications, please send a description of the issue via email to [email protected]. Mail sent to that address reaches the security team.
Once you’ve submitted an issue via email, you should receive an acknowledgment from a member of the security team within 48 hours, and depending on the action to be taken, you may receive further followup emails.