I take security bugs very seriously and I am sincerely appreciative when they are responsibly disclosed.

• DO NOT open a Github issue disclosing the vulnerability. Instead, use Github's Security Advisory tab.
• I will keep you update with the status of the fix, and may ask for additional information or guidance.