Security vulnerabilities should be disclosed to the project maintainers by emailing [email protected].