In case you have found a security issue with ANY Jazzband project please do NOT open public GitHub issues, pull requests or anything that could leak sensitive information to the public.
Jazzband asks you to instead responsibly report the security issue by email to security@jazzband.co.
Your email is sent to the Jazzband roadies, the people that maintain the Jazzband organization. A member of the roadies will respond to you acknowledging your initial email and then, depending on the action to be taken, further followup emails afterwards.
If you would like to optionally encrypt the email to security@jazzband.co please use the PGP key with the fingerprint:
02DE 8F84 2900 411A DD70 B137 4D87 558A F652 A00F
The key's short ID is F652A00F and can be fetched from many public
key servers.