Please do not report security vulnerabilities through public GitHub issues.
Instead, report security vulnerabilities to security@includesecurity.com. You should receive a response from us within 48 hours. If the issue is confirmed, we will release a patch as soon as possible.
Thank you to dir0x for reporting a vulnerability that could allow an attacker to bypass a domain whitelist in certain circumstances, fixed in this commit.