Is your feature request related to a problem? Please describe.
I'm not sure how to report security vulnerabilities privately.
Describe the solution you'd like
A page that describes how to report security vulnerabilities
Describe alternatives you've considered
I tried email and got no response. Private email is not a great option, I realize. So I'm left with hoping or forking... neither one of which is really a great option. Or, just opening up PRs that point out the problems.
Additional context
I have a few low severity DoS vulns to report. I'd like to get these fixed before we release our next version of Apache Tika that includes an integration with commonmark-java.
Is your feature request related to a problem? Please describe.
I'm not sure how to report security vulnerabilities privately.
Describe the solution you'd like
A page that describes how to report security vulnerabilities
Describe alternatives you've considered
I tried email and got no response. Private email is not a great option, I realize. So I'm left with hoping or forking... neither one of which is really a great option. Or, just opening up PRs that point out the problems.
Additional context
I have a few low severity DoS vulns to report. I'd like to get these fixed before we release our next version of Apache Tika that includes an integration with commonmark-java.