If you've found a security vulnerability, please report it to security@37signals.com. Do not open a public issue.

We will acknowledge your report within 48 hours and work with you to understand and address the issue.

Thank you for helping keep 37signals software secure.