Any suspicion of vulnerabilities or reports of security threats or breaches can be sent to [email protected].

Do NOT go posting your reports in public forums!

It is standard praxis to await a security fix released before registering a CVE record for the vulnerability.