If a security issue has been discovered, please report it privately via email to Lasse Collin (OpenPGP key fingerprint: 3690 C240 CE51 B467 0D30 AD1C 38EE 757D 6918 4620) or use the Report a vulnerability button in the security section on GitHub. Thank you!