Best way to report a vulnerability is to send an email to sec@jitesoft.com.
Make the subject <project> vulnerability and give a description (and if possible a reproducible example) on the vulnerability.

Security issues will be patched on high priority basis, and we try to give the users of the module an alert of a required update as soon as it have been patched, vulnerabilities will be made public within 15 days after a fix is implemented.

As of right now, we offer no bounties for vulnerability reporting.