The Gitblit team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security vulnerability, you can use the Github mechanism to privately report a vulnerability. On Gitblit's repository page, choose the Security tab (under the repository name). Click the Report a vulnerability button on the right.
Alternatively, you can also report any security issue via e-mail. Send an email to the following email address and include the word "SECURITY" in the subject line.