If you have found a vulnerability that is exploitable on the live application, please report it privately to one of the moderators on the Ruby NZ Slack, or email [email protected]. It may take several days to get a response.

Please explain the severity of the issue and – if you have a fix – please hold off on opening a PR until we can be ready to merge and deploy it quickly.