We will only target master for security patches. If a package maintainer specifically asks us to backport fixes for their version on their distro we will consider it.

• Click the "Security and quality" tab (the shield icon) under the Valhalla repo name. If you don't see it, click the ⋯ dropdown menu to find it.
• In the left sidebar, under "Reporting", click Advisories.
• Click the "Report a vulnerability" button — this only appears if private vulnerability reporting is enabled.
• Fill out the advisory details form. Only the title and description are required, but the more detail the better (affected versions, severity, steps to reproduce, etc.).
• Click "Submit report".