Please do not open a public GitHub issue for security vulnerabilities.

Instead, report them by email at pimalaya.org@posteo.net. Include as much detail as possible: a description of the issue, steps to reproduce, and any potential impact.

You can expect an acknowledgement within 72 hours. Once the vulnerability is confirmed, a fix will be prepared and a new release published before public disclosure.