Best way to report security issues?

[oc-ja]

Hello everyone,

if I have found a security risk, which I think would be best addressed at the specification/requirements-level, whom should I contact and how?

I should note, that I'm not part of any development team currently implementing the specification, so I don't have any internal contacts.

Thank you!

Regards,

Jan

[daniel-eder]

Thank you for your report - we'll continue this via mail!