Please direct all security vulnerabilities to [email protected]. Please include a detailed PoC and all possible CVEs. We guarantee a maxium of 5 business days for the response, during this time you are not supposed to release anything you've reported for public discovery until appropiate patch has released.