We offer a $10 bounty if the bug you find qualifies as a security bug, up to a total of $20 per person. To report a bug, please see our instructions located at /.well-known/security.txt, which conforms to the security.txt proposed standard for websites' security information; if you are curious about this IETF (Internet Engineering Task Force) draft you can read more about it on Wikipedia's security.txt page.


  1. July 6, 2021: Add upper limit of total reward for one person.