If you believe you have found a security vulnerability in Perl, please email the details to firstname.lastname@example.org. This creates a new Request Tracker ticket in a special queue which isn't initially publicly accessible. The email will also be copied to a closed subscription unarchived mailing list which includes all the core committers, who will be able to help assess the impact of issues, figure out a resolution, and help co-ordinate the release of patches to mitigate or fix the problem across all platforms on which Perl is supported. Please only use this address for security issues in the Perl core, not for modules independently distributed on CPAN.
When sending an initial request to the security email address, please don't Cc
any other parties, because if they reply to all, the reply will generate yet
another new ticket. Once you have received an initial reply with a
[perl # NNNNNN] ticket number in the headline, it's okay to Cc subsequent replies
third parties: all emails to the perl5-security-report address with the ticket number in the subject line will be added to the ticket; without it, a new ticket will be created.