If you find a security vulnerability, do not open an issue. Directly contact Rosa on keybase.io instead. Here is the signed proof of ownership that proves both the GitHub and Keybase accounts are owned by the same person.

You can also send an encrypted email to the primary UID of the PGP key 60BA2A8BFD583641. The signatures on Keybase were made with that key.

Security fixes are my top priority, and I'll do my best to get it fixed within the day. If not, expect daily personal updates until it's fixed