Please visit the Security > Advisories page for this repository and submit a new advisory to report any discovered security vulnerabilities.
The development team will respond as soon as possible. Depending on the impact and work required to resolve the issue, expect a patch within 14 days.
Fixed vulnerabilities will be closed and documented in release notes, optionally with credit to the reporter.
If a vulnerability will not be fixed for any reason, the advisory will be closed and the reason why the vulnerability will not or can not be fixed will be documented.