If you find a security bug, please first update to the latest version. Dependencies are getting updated regularly, and the vulnerability might have been fixed already. If it still exists after that, please file an issue on Github.

We try to react in 24–48 hours on a best effort basis.