Please report all security issues to the LaunchDarkly security team by submitting a bug bounty report to our HackerOne program. LaunchDarkly will triage and address all valid security issues following the response targets defined in our program policy. Valid security issues may be eligible for a bounty.

Please do not open issues or pull requests for security issues. This makes the problem immediately visible to everyone, including potentially malicious actors.