Please do not disclose potential security vulnerabilities in public. Instead of opening an issue or a pull request, contact the project's maintainer at [email protected]. Each submission will be reviewed in order.
Responsible disclosure is honoured with great respect. A place amongst the list of contributors is also granted for the authors of verified issues.
Public articles may only be written about a case once a fix is available for the affected package(s).