Please do not open a public GitHub issue for security vulnerabilities.
Report them privately by email to jon@carpediemsystems.co.uk. Include:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Any suggested mitigations you are aware of
You will receive a response within 5 business days. If a fix is warranted, a patched release will be made as soon as possible and you will be credited in the release notes unless you prefer otherwise.