Send an e-mail to opensource.contact@orange.com to report a vulnerability and contact all people in CONTRIBUTORS and MAINTAINERS. If accepted, we'll create a security advisory and add you and/or your team as collaborators. Please allow our team sufficient time to resolve the vulnerability before disclosing it ; we'll remain in contact about the fix and may ask for your assistance to verify it is resolved.