We release patches for security vulnerabilities, consumers are expected to track the latest version of the library.
For low risk security vulnerabilities CVSS 3.1 scores of < 5.0, you may log the issue via the GitHub tracker. Otherwise and for all other vulnerabilities, please report (suspected) security vulnerabilities to security@shimmeringbee.io. We are an open source volunteer project, we aim to respond to you within 72 hours. If the issue is confirmed, we will release a patch as soon as possible depending on complexity.