Reporting security bugs
If you discover a security issue in Libravatar, please report it to us privately so that we can push a fix to the main service before disclosing the problem publicly. We will credit you publicly (unless you don't want to) with this discovery.
The best way to do that is to file a security bug on our bug tracker. Make sure you change the bug visibibility (see "This bug contains information that is") to Private Security.
Alternatively, you can talk to us at firstname.lastname@example.org.
We will do our best to respond to you within 24-48 hours.
Also, please let us know if you are under any kind of publication deadline.
Security Hall of fame
We would like to thank the following people who have helped make Libravatar more secure by reporting security issues to us.