Have you found a security related bug on SourceForge? Please review this document and let us know. We greatly appreciate security communities and those who disclose problems to us quickly so that we can take action. We provide public thanks and acknowledgement for verified reports.
When sending in a report, whenever possible, please provide as much information as necessary to reproduce the issue. For example, the URL where the vulnerability is located, the input required, screenshots, web browser and operating systems tested, etc. Accurate information will help us track down and expedite resolving the issue.
If you believe there is evidence that file hosting may be compromised, please be sure to indicate the exact files you downloaded, and the mirror you downloaded from. It is also helpful if you can check the file hashes of the downloaded files compared to what we report as the correct hash.
If you've verified a vulnerability, please contact us as soon as possible by emailing firstname.lastname@example.org with full details and information on how to reproduce the issue.
* Vulnerability reported by several independent researchers