Please report security issues confidentially via GitHub "Report new vulnerability" form.
Alternatively, you can email reports to torresariass@gmail.com, optionally encrypted with PGP using this key (fingerprint):
903B AB73 640E B6D6 5533 EFF3 468F 122C E816 2295
Please do not use the GitHub issue tracker to submit vulnerability reports. The issue tracker is intended for bug reports and to make feature requests. Major feature requests, such as design changes to the specification, should be proposed via in-toto Enhancement (ITE).