Any security issues can be reported to the main author at kenneth@duplicati.com.

If the issue is sensitive, the [PGP signing key](https://pgp.mit.edu/pks/lookup?op=get&search=0xC20E90473DAC703D) can be used for encryption.