If you discover a security issue with REDAXO or a related package, please contact us via info {at} redaxo.org instead of using a public channel. That way we can work on a fix together before everyone knows how to exploit a potential issue. Thank you!