Communicate with the maintainer, @voxpelli, through pelle@kodfabrik.se or other private channel. Start the subject line with SECURITY: or similarly clearly convey the importance of the communication.

The maintainer will get back to you as soon as possible and work with you to evaluate and handle the vulnerability.

As none of the maintainers are working on this module as part of their day jobs, no promises can be made in how fast a fix can be made.

Whenever feasible, a patch version fixing the security vulnerability will be released and the reporting user, unless it wishes to stay anonymous, will be credited for their contribution.