@kkarhan there's already a CVE and a security advisory on github. For now it's not necessary as far as I know for CERT to be involved