Best way to report a vulnerability is to send an email to [email protected]
.
Make the subject <project> vulnerability
and give a description (and if possible a reproducible example) on the vulnerability.
Security issues will be patched on high priority basis, and we try to give the users of the module an alert of a required update as soon as it have been patched, vulnerabilities will be made public within 15 days after a fix is implemented.
As of right now, we offer no bounties for vulnerability reporting.