If you think you've identified a security issue in an Endless project, please DO NOT report the issue publicly via the GitHub issue tracker, Discord, any other public medium. Instead, send an email with as many details as possible to security@endlessos.org. This is a private inbox for Endless security staff.

Please do not create a public issue.