Send vulnerability details to admin@thunderdome.dev and please refrain from posting an issue with the details until they can be reviewed by a maintainer of this repository. If a vulnerability is confirmed a CVE will be opened with Github and the fix released as quickly as possible based on severity of the issue.