In case that you discover a security issue, please use this contact for reporting it privately:

Lars Fenneberg <>

A PGP key for encrypted communication is available on the usual key servers. The key id is 0xCAF0E5281F46FD85.

While a lot has changed any security vulnerability found in Benji might also be present in backy² from which Benji was originally derived. So you might want to take a look at to see if backy² is also affected. If that is the case please contact Daniel privately, too.