If you discover a security vulnerability, follow the steps outlined below to report it:

1. Do not publicly disclose the vulnerability before discussing it with us.

2. Report a bug at https://bugs.launchpad.net/subiquity

   Important: Remember to set the information type to Private Security. This is set with the field below the Bug Description. Click the edit icon under "This bug contains information that is:", and choose Private Security.

3. Provide detailed information about the vulnerability, including:

   • A description of the vulnerability
   • Steps to reproduce the issue
   • Potential impact and affected versions
   • Suggested mitigation, if possible

The Ubuntu Security disclosure and embargo policy contains more information about what you can expect when you contact us and what we expect from you.