In order to give the community time to respond and upgrade we strongly urge you report all security issues privately. Email us directly at securitybugreport@docpht.org with details and repro steps. Security issues always take precedence over bug fixes and feature work. We can and do mark releases as "urgent" if they contain serious security fixes.