All known security vulnerabilities must be disclosed publically within 30 days of a detection during regular monitoring.

A security vulnerability must never be posted in Issues. This must be done directly through GitHub or via [email protected]