You can privately report security vulnerabilities to PHP-Textile team by opening a new draft security advisory to us on GitHub.

When opening a new advisory, take the following considerations into account:

• Before opening a security advisory, please try to confirm that the security issue is caused by PHP-Textile, and not by third-party or configuration error.
• Provide details as to the nature of the vulnerability, and examples of the steps to replicate it.
• PHP-Textile is a free, open-source project run by volunteers, and we do not offer monetary rewards or provide bug bounties for discovering security issues.
• Due to the volunteer-nature, our response times may not be immediate. We do kindly ask to allow us a reasonable amount of time to evaluate and correct the issue before making details public.