If you believe you have found a security vulnerability, DO NOT CREATE AN ISSUE. Instead, please send an email to [email protected].

After this type of report has been submitted, a security vulnerability will be privately discussed, fixed and then publicly disclosed in a security advisory, involving the following steps:

• Confirm the problem and determine the affected versions.
• Audit code to find any potential similar problems.
• Prepare fixes for all releases still under maintenance. These fixes will be released as fast as possible.
• Publicly disclose security problem in a security advisory.