Please report all security issues privately to Daniel Roethlisberger.
The maintainers pledge to act on all reported security issues in a timely and professional manner, working with the reporter to reproduce, understand, address and disclose vulnerabilities in a coordinated manner. For critical vulnerabilities, we will prepare a bugfix release based on the last release, obtain CVE numbers and notify distributions shipping affected packages in advance of the release.