Reporting a security vulnerability is done via filing a security bug report, please provide us with as much details as you can.

Your report will be reviewed and you can expect a detailed explanation stating how we'll address the situation.
We will provide a reason if we decide to ignore/not pick up this vulnerability, or if it's not applicable.