Where to report security vulnerabilities?



  • I found two security vulnerabilities in the private server login flow, but I don't want to reveal the details publicly. One includes a piece of code that can be used to actively exploit it; the other is purely theoretical but goes against the Steam developer guidelines. Is there a way I can report them such that only the Screeps developers can view it?



  • When logged into the screeps world, Top left next to the Screeps logo there's a menu button.Half way down the menu is "Report a Problem"

    https://support.screeps.com/hc/en-us/requests/new

    There is also an option to mark it Urgent if you feel its dire.

    ☝