Please use one of the following ways to report a security vulnerability or concern:

• GitHub's private security reporting feature.
• Write an email to [email protected].

Please make sure your report contains information about

• on how to reproduce the issue.
• a fix (if any) which's code is compatible with the project's licensing.
• attribution (Name? Email? Any URL to mention?) or if you want to stay anonymous.

Beside our thanks, you can expect attribution in the release notes of the version shipping a fix if your report was valid. Please note that we do not pay any bug bounties.