If there are any vulnerabilities in Mai project, don't hesitate to report them.
- Contact Any Development Leads
- Describe the vulnerability.
- If you have a fix, explain or attach it.
- In the near time, expect a reply with the required steps. Also, there may be a demand for a pull request which include the fixes.
You should not disclose the vulnerability publicly if you haven't received an answer in some weeks. If the vulnerability is rejected, you may post it publicly within some hour of rejection, unless the rejection is withdrawn within that time period. After the vulnerability has been fixed, you may disclose the vulnerability details publicly over some days.