We take security very seriously and we appreciate any help in making us more secure.
If you have a security-related culnerability to report, please open draft security advisory and a collaborator will privately discuss the advisory with you directly and privately.
Once we have determined that the security issue is valid we will attempt to fix the issue as soon as possible. Once the issue has been resolved we will publish the security advisory along with the security patch.