...
Any suspected security vulnerabilities can be reported privately by email to security@lists.idrc.ocad.ca security@fluidproject.org. These messages will be forwarded to members of the security working group, who are responsible for working with contributors with relevant expertise and the reporter to address the issue in a timely manner.
...