We encourage reporting security issues via encrypted email. We offer the security.txt , for more information see https://securitytxt.org, discovery mechanism and Web Key Directory (WKD) to obtain the public corresponding to the email address advertised there.
gpg --auto-key-locate clear,wkd,nodefault --locate-keys security[at]univention.de
Alternatively the key can be downloaded directly here.
We appreciate responsible disclosure for vulnerabilities that affect either our products Univention Corporate Server and UCS@school or our online web services.