Best way to report a vulnerability is to send an email to [email protected].
Make the subject Yolog vulnerability and give a description (and if possible a reproducible example) on the vulnerability.

Security issues will be patched on high priority basis, and we try to give the users of the module an alert of a required update as soon as it have been patched, vulnerabilities will be made public 15 days after a fix is implemented.

As of right now, we offer no bounties for vulnerability reporting.