If you find a security related bug, we kindly ask you for responsible disclosure and for giving us appropriate time to react, analyze and develop a fix to mitigate the found security vulnerability.
Please report vulnerabilities by e-mail to the following address:
All vulnerabilities and associated information will be treated with full confidentiality.
Security vulnerabilities will be disclosed via release notes, and will credit you for your findings (unless you prefer to stay anonymous, of course).