Vulnerabilities may be reported to [email protected]. Please do not file vulnerabilities as issues, as doing so is public. The report will generally not be made public until it is confirmed and resolved. Once reported, you will receive an email response within a few days. The resolution, if any, will typically be available within a few days as well.