- We should make it very explicit on https://www.mediawiki.org/wiki/Reporting_security_bugs that we don't pay bug bounties
- And also get https://hackerone.com/mediawiki updated by whatever means...
Information is provided and moderated by members of the community. Accuracy has not been validated by HackerOne.