Question: How should security issues be reported

Created by: markhalliwell

I cannot find any documentation on how to report security issues for this project.

Ideally, they should be reported in confidence to the maintainers. A direct message, however, seems inappropriate and could potentially get lost.

I'm honestly a bit surprised that GitHub doesn't have a mechanism that allows someone to create a security issue for a project that only the OP and maintainers can view.

Is there another service this project uses for reporting security issues that just isn't documented?