If you discover a security issue with REDAXO or a related package, please contact us via https://github.com/redaxo/core/security/advisories/new or info {at} redaxo.org instead of using a public channel. That way we can work on a fix together before everyone knows how to exploit a potential issue. Thank you!