Do not open Issues or Pull Requests for security issues.
This will make potential issues publicly visible before LaunchDarkly's Security Team can address them, which could lead to a compromise of the platform and negatively impact our customers.

Security issues must be reported through our Bug Bounty program, following the program policy, for triage and remediation by the LaunchDarkly Security Team. Valid security issues may be eligible for a bounty.

Please do not attempt to directly contact members of LaunchDarkly staff.