Please send information about any security issue to mail@httpsoft.org. DO NOT use the issue tracker or discuss it in a public forum, as it will do more harm than good.

Please note that as a non-commercial OpenSource project we are not able to pay bounties at the moment.