Security fixes are applied to the latest published version of
branding-engine.
Do not open a public issue for a suspected vulnerability.
Use GitHub's private vulnerability reporting:
https://github.com/joeseverino/branding-engine/security/advisories/new
Include the affected version, reproduction steps, impact, and any suggested mitigation. You should receive an initial response within seven days.