To report a security issue, please file a security advisory on GitHub with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. Our vulnerability management team will respond within 7 working days of your report. This project follows a 90 day disclosure timeline.