We only support security patches for the currently released (0.x) version.
Check the VERSION file to get the current version and include it in your ticket or when contacting us.
Security fixes will be releases under minor version 0.x.y once they are fixed and merged back in the project.
You can report security vulnerabilities using different methods regarding their severity.
If you encounter a security related issue within the project regarding the code, the architecture or the behavior of the project and if this issue can be releaved publicly please open a ticket on our official bug-tracker and tag is wih the security label.
In the issue please mention the version (or commit version  if you are on the master branch) and all the related informations needed to reproduce and explain it.
If you need to discuss about the issue first with us you can always join our official support XMPP chatroom at movim@conference.movim.eu.
If the issue severity can cause some direct threats to the Movim and XMPP users and/or servers where Movim is deployed or if you need to first discuss about it before filling a ticket please contact the author directy by sending a XMPP message to edhelas at movim.eu.