If a major vulnerability bug is found that poses a risk to current users of the software, then a new issue should first has to be created. This issue should NOT SHOW DETAILS about the vulnerability itself. Via the issue a possibility to report the vulnerability only to the maintainers is provided. In order to notice the vulnerability even faster, we also ask you to start the title with [CRITICAL].