While Miraheze takes the security of their servers and data very seriously, we cannot guarantee a 100% security leak free MediaWiki environment.
Report a security flaw
If you think you have found a flaw in/on any Miraheze site, server, MediaWiki extension or anything that is ran on a Miraheze server, please email security miraheze.org with as many details as possible. Do not discuss the flaw publicly. Depending on the affected service, it might be necessary to email security wikimedia.org - if you are in doubt who to email, contact us; we'll forward your email to Wikimedia if needed.
As an alternative to email, you may login or create an account on our Phabricator with MediaWiki, GitHub, or a Phabricator specific account and then proceed to open a security related task using this form which hides it from the public view and adds the Security project so our team is notified of the task.