Please share privately the details of your security vulnerability by email to: [email protected]
Or open an issue at our forum

Make sure to include as much information as possible, with the detailed steps to reproduce the problem, the versions that are affected, the expected results and actual results, and any other information that might help us react faster and more efficiently.

Due to the nature of open source, security vulnerability fixes are public. Patches for minor issues are committed directly to stable repository branch, to be published with next planned minor release. Confirmed serious vulnerabilities are fixed and published as soon as possible, together with new emergency minor release.