I was probing the web service on Saturday on some software I have running on my Raspberry Pi, when I discovered a serious Path Traversal vulnerability, allowing access to arbitrary files on the system.
I reported this privately on Saturday afternoon, and a new release containing the fix went live yesterday.
That’s what taking security seriously looks like – excellent work!