If you have discovered a security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
This project is maintained by a team of volunteers on a reasonable-effort basis. As such, please give us at least 90 days to work on a fix before public exposure. We will contact you back within 2 business days after reporting the issue.
Thanks for helping make the project safe for everyone!
Please, report the vulnerability either through new security advisory form or by directly contacting our security contacts.
Security contacts:
Security updates are applied only to the most recent release.