Tarek Mulla takes security seriously. He makes every possible effort to ensure the source code is free from potential bugs or vulnerabilities and try to fix security vulnerabilities in a timely manner.

Please report security vulnerabilities in the github security advisory. This is configured in such a way that only the reporter and the contributors can see the details, privately discuss it with collaborators and create a temporary private fork where you can collaborate on a fix. If you've already fixed the vulnerability, just fill out the draft security advisory and then publish it.

If you are unable to report using the security advisory, you can also send your report to Tarek email directly: tarek@mulla.au