Please do not file a public ticket mentioning the vulnerability.
If you have found a vulnerability please follow co-ordinated/responsible disclosure and report it to us by email at [email protected] you can use our PGP public key to encrypt the message.
We will collaborate with you to fix any vulnerabilities as fast as possible; the time will depend upon the complexity of the fix.