Closed 4cad closed 5 years ago
CC: @daeyeon @haesik
Any thoughts on this? I would prefer not to sit on vulnerabilities for too long after their discovery.
@4cad Hi Dane, the project has no official private channels at the moment. You can track down my email address from my profile page and I might try and give a feedback whether to publicly report the vulnerability or not, but that's far from official. (Or you might try that with any of the other maintainers.)
@akosthekiss Sounds good - I will give you a ping tonight with the details.
Issue discussed with @4cad via email. Closing this issue for now.
What is the best way to report security bugs to your project? It is a generally good practice to avoid public issue trackers if possible when reporting vulnerabilities, but I cannot find any alternatives in your project documentation.
Thanks, Dane