Please DO NOT file a public issue, instead send your report privately to security@docker.com.

Security reports are greatly appreciated and we will publicly thank you for it, although we will keep your name confidential if you request it. We also like to send gifts—if you're into swag, make sure to let us know. We currently do not offer a paid security bug bounty program, but are not ruling it out in the future.