Please report security vulnerabilities you discover to security at postgresml.org. All reports will be acknowledged within 24 hours. You'll receive daily updates until the vulnerability is patched.