Open an issue on GitHub using the vulnerability template. In addition to the vulnerability tag (which should be added automatically) also add tags for the versions that you know are affected.

We will get back to you within a working day to discuss the next steps.

If you would like to report a security vulnerability confidentially, please send an email to [email protected].

We will fix security vulnerabilities for the latest released version and the main branch.