To report a vulnerability, open a GitHub issue marked [security] or [sec] or email the maintainer directly.

Please do not file public issues for unpatched security bugs.