All v3 cogs are currently supported.

Please email me directly at [email protected]. If you are reporting a security vulnerability then I assume you know what you're doing, and that I don't need to explain how important it is that you include all the information that you can. But please do.

I will review all vulnerability reports as quickly as possible, and always within 48 hours. Whether it is legitimate or not, you can expect a reply from me within that time. If I want or need more information I might ask that we chat, probably via Discord.

All legitimate reported vulnerabilities which are within my power to fix will be fixed as soon as possible.

I may determine that the cause of a vulnerability is actually upstream from my cogs, at Red, discord.py, or Discord itself. If that is the case, I will ask that you take your report to the party which has the power to review and resolve it.