If you find a security issue, please contact the project owner at security@nethesis.it with the details (ie. software version, details of the setup, how to exploit the vulnerability, etc).
Please provide 30 days for verifying the vulnerability, fixing the issue, and notifying the users.
If a security vulnerability has found, the details, possible mitigations, workarounds, etc. will be shared on the tracker and developer channels.