What is the contact email for a responsible disclosure of a security issue?

openid / AppAuth-JS

JavaScript client SDK for communicating with OAuth 2.0 and OpenID Connect providers.

Apache License 2.0

985 stars 161 forks source link

What is the contact email for a responsible disclosure of a security issue? #102

Closed eranation closed 5 years ago

eranation commented 5 years ago

I found a (low severity probably) small security issue, what is the best contact to do a responsible disclosure? (low or not, it's still an issue, so I rather not just issue a pull request / describe it here in public)

I tried contacting the official OpenID contact details, but didn't hear back yet.

Again, it's probably a low impact issue, affecting only old browsers, easy to reproduce and easy to fix, but still it's security related so I rather follow the protocol.

tikurahul commented 5 years ago

Sorry am on vacation at the moment. Can you please reach out to me at rahulrav (at) google ?

tikurahul commented 5 years ago

Thanks for reporting the bug !