Please default to using the issue tracker to report security vulnerabilities and add the "security" tag to the issue. If you would like to report a vulnerability in private, please join the Discord and DM one of the maintainers. We strive to respond to security escalations within one week, though fixes may take longer to implmement.