Only the latest version (master branch) and currently deployed version (also master branch) of this project is in scope for security issues. Also, only the production environment is in scope, although it's ok and normal to test the staging environment.
Please report a vulnerability by emailing sean@rubybythebay.org
You can also open a github issue (do NOT provide vulnerability details on github) to notify us that you need to report an issue.
We will reply to all reported issues within a week and update at least every two days.
We currently do not have any bug bounty program but we will be happy to list your name in our contributors list! :)