Closed welisheva22 closed 1 month ago
Not sure we want vulnerabilities reported as normal issues. Need to research what options are available so they can be fixed before being disclosed publicly (e.g., a maintainers mailing list).
Enabled private vulnerability reporting on the repo. Revised SECURITY.md text to reflect that.
Given that we are in the alpha stage, I think this would suffice. When we are out of the alpha stage, it would be valuable to revise this process, as security vulnerabilities may need to be handled differently than other enhancements/bugs/comments.