The review up to the intermediate report was done in two phases. After the intermediate report all raised issues have been addressed. Overall, the implementation and its documentation are of a high standard. Apart from the new functionality, the codebase is largely unchanged from the previous release except for some refactoring.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.