Bounty program closed.

This site no longer accepts vulnerability reports, triage requests, or bounty submissions.

Responsible disclosure remains open through the appropriate private channels. Reports submitted before the closure announcement will be handled under the terms that applied at the time of submission.