PR #43 made public a series of strings that allow to crash the demuxer. Releasing a new version as soon as possible is mandatory in order prevent DoS attacks on services that make use of this library.

FYI I've created a v1.12.0 tag 👍