Report vulnerabilities either by raising an issue, or emailing [email protected].

Please be kind and don't report whatever SCA scanner you pointed at this thing; instead if you're concerned, encourage your developers to bump the version and submit a pull request.

If you've discovered a legitimate vulnerability that you can personally reproduce or discuss as a possible exploit, we're happy to hear about it.