Thanks for taking the time to engage with the project! We believe in the concept of coordinated disclosure and currently expect a 60 day grace period for resolution of any outstanding issues.
As Kanidm is in early Alpha and under heavy development, only the most recent release and current HEAD of the main branch will be supported.
Please log a security-template issue on Github and directly contact one of the core team members via email:
We will endeavour to respond to your request as soon as possible, no bounties are available, but acknowledgement will be made if you like.