If you think you have discovered a security issue in any of the code, I'd love to hear from you. I will take all security bugs seriously and, if a bug is confirmed upon investigation, I will patch it within a reasonable amount of time and release a public security bulletin discussing the impact and crediting the discoverer.
The best and easiest way to report a security bug is to email a description of the flaw and any related information (e.g. reproduction steps, version) to the author.