Please do not open an issue if you find a vulnerability. Send an email to envelope-zero@maurice-meyer.de and a maintainer will get in touch with you as soon as possible. This might take up to 72 hours.
You will be kept up to date with all developments via email.
Once your report has been checked and the vulnerability is confirmed, it will be patched as soon as possible and issue a security advisory will be released with the patch.