Security vulnerabilities should be reported to me privately, do not create a public bug report.

I will reply to acknowledge the report, then patch it as soon as I am able to.

All relevant information will be disclosed once a patch is released.

The patch will be released as a new version, previous versions will not be updated.

I am unable to reward reports with anything other than credit where appropriate, as I am just a hobbyist programmer.

Contact information for sending reports can be found on my website.