We are thankful for security researchers that reach us, and welcome any responsible disclosure.
Any valid and impactful vulnerability will grant you bragging rights on our acknowledgement page linked in our well-known security.txt page.

Do note that currently no bounty or reward program is in place. Please do not expect an ad-hoc reward either.