If you find a security issue, please DO NOT submit it via the issue tracker! Instead, please follow responsible disclosure practices and send information about security issues directly to [email protected] so that a proper assessment can be made and a fix prepared before a wide announcement. You will receive an acknowledgement within 24 hours.
Even in cases where you have limited or incomplete information, or you’re not sure whether or not a problem constitutes a security issue, please make contact as soon as possible. We can work together to investigate, debug, and assess.
Your help is greatly appreciated in keeping this project secure!