Security bugs will be taken seriously and, if confirmed upon investigation, a new patch will be released within a reasonable amount of time, including a security bulletin and the credit to the discoverer.

The way to report a security bug is to open an issue including related information (e.g., reproduction steps, version).