Reporting security vulnerabilities is of great importance for us, as this project is used in multiple critical infrastructures.
In the case of a security vulnerability report, we ask the reporter to send it directly to [email protected], if possible encrypted with the following PGP key: F60C 0622 EE75 52C9 7EE5 E9F8 4405 4AC1 A573 37A6 or use Report vulnerability form. We usually fix reported and confirmed security vulnerabilities in less than 72 hours, followed by a software release containing the fixes within the following days.