We only address security issues of the latest full release or the latest release candidate that followed it. Please see our releases.
We value your work and input and want to give you the opportunity to publish your findings as soon as possible. However, to keep us and our users safe, we want to get at least started on patching the issue before you do so.
This is why, for reporting a vulnerability, we'd appreciate you talking to us directly first by sending an e-mail to the following address:
This will give us the opportunity to assess the issue internally and get back to you to discuss how to proceed.