The Fluid community has a closed-membership security working group who are available to respond to possible security issues, consisting of a small group of committers to Fluid-related projects.
Any suspected security vulnerabilities can be reported privately by email to security@fluidproject.org. These messages will be forwarded to members of the security working group, who are responsible for working with contributors with relevant expertise and the reporter to address the issue in a timely manner.
For more details see the Security wiki page.