To report a security vulnerability please send an email to openaf@openaf.io. If accepted it will be addressed and tested on the a specific branch and then, merged, as soon as possible to the main branch that will become available as a nightly build.
Depending on the impacts of the necessary changes the latest stable release might also be updated, if them needed.