denali-js / core

An opinionated, ORM agnostic framework for building robust JSON APIs in Node
http://denalijs.org
Apache License 2.0

Security reporting procedure #403

Open davewasmer opened 6 years ago

seawatts commented 6 years ago

Can you provide more detail here?

davewasmer commented 6 years ago

We should have a written, publicly available process for responsibly reporting security flaws in the framework. Something that documents how to privately report such issues, timeliness for communication, etc. This is standard procedure for mature frameworks and, beyond the intrinsic value of the procedure, is a signal of the seriousness of the project.

For example: https://emberjs.com/security/