The version 1.0.0 (the only one released so far) is currently being supported with security updates.

Please email me at rih.carv@gmail.com, providing concise steps to reproduce the vulnerability found. I will reply as soon as possible.

I will do my best to address the issue, and you can expect it to be shipped on the next released versions, as soon as it's been fixed.

To protect our community, I ask that you wait until a fix is made available and communicated to those affected, or a reasonable period of time has elapsed since notification, before publicly disclosing it. Also, I will fill a security advisory once the details are known.