Please report security vulnerabilities by email to info@numfocus.org.
If the security vulnerability is accepted, a patch will be crafted privately in order to prepare a dedicated bugfix release as timely as possible (depending on the complexity of the fix).