The PyYAML project encourages responsible disclosure of suspected security vulnerabilities. However, we do not offer bug bounties, paid disclosure, or paid fixes for discovered vulnerabilities. To report a suspected security vulnerability, please e-mail details to security@pyyaml.org without creating public issues, pull requests, or discussion. Non-security correspondence to this address will be ignored.