Basicly, send an email to [email protected] with the vulnerability description and a proof of concept of the exploit. This is a free project, written on my free time, so: there are no bug bounty, but you will be credited in the version's description, changelog and the contributors list.

Thanks