To report a (suspected) security issue, please email bugbounty@prefect.io and follow the instructions for our bug bounty program.
Prefect will acknowledge receipt of your report in a timely manner, usually within 48 hours. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.