To report a security issue, contact me on Twitter or LinkedIn with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.

If the issue is confirmed as a vulnerability, a Security Advisory will be open and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.