- Open an issue stating the type of vulnerability and provide as much detail as possible.
- If there is a risk to existing installs when disclosing the vulnerability, then request setting up private correspondence.
- The vulnerability will then be responsibly resolved prior to disclosure.