The following versions of your project are currently being supported with security updates.

Send an email to mail@martinspielmann.de if you want to give me a chance to provide a patch before the vulnerability is disclosed. I'll try to respond within a day.

Feel free to go for a full displosure instead and open a Github issue with your finding.

As this is a private, spare time project, I will highly appreciate any contribution but won't able to provide a bounty. But (if you like) you will be named in the release notes of the fix and added to the README