While Miraheze takes the security of their servers and data very seriously, we cannot guarantee a 100% security leak free MediaWiki environment.
Report a security flaw
If you think you have found a flaw in/on any Miraheze site, server, MediaWiki extension or anything that is ran on a Miraheze server, please email securitymiraheze.org with as many details as possible. Do not discuss the flaw publicly. Depending on the affected service, it might be necessary to email securitywikimedia.org - if you are in doubt who to email, contact us; we'll forward your email to Wikimedia if needed.
As an alternative to email, you may login or create an account on our Phabricator with MediaWiki, GitHub, or a Phabricator specific account and then proceed to open a security related task using this form which hides it from the public view and adds the Security project so our team is notified of the task.