Please report security issues via email to opensource [at] anexia-it [dot] com. Never use the issue tracker, as this would put users at risk by publishing the vulnerability before it is fixed.
We will get in touch with you shortly, keeping you in the loop about our findings to your discovery. When we found and implemented a fix, we will document the problem in the changelog, crediting you (if you want, with a name you tell us to use). We will also gladly link to a blog post or similar related to the issue you reported.
Sadly we can not generally offer monetary compensation at this point.
Thank you for your help in making the internet more secure.