If you've found a security issue, please do not report it publicly or even fix it publicly. It should be disclosed confidentially to the Red Hat Product Security team. Details at https://access.redhat.com/security/team/contact. The maintainers team will do its best to respond in a timely manner.