We take security very seriously. We welcome any peer review of our 100% open source code to ensure the information submitted through this platform or other who rely upon it is not compromised or that hacked.
Where should I report security issues?
In order to give the community time to respond and upgrade we strongly urge you report all security issues privately. Please email [email protected] and/or [email protected] with details and reproduction steps. Security issues always take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.