Dear ServiceComb Developers, As you know, the Apache Software Foundation takes our users' security seriously, and defines sensible release and security processes to make sure potential security issues are dealt with responsibly. These indirectly also protect our committers, shielding individuals from personal liability. Some of this process is necessarily done in private; as we practice responsible disclosure.
We are seeing potential security issues are reported privately to the ServiceComb PMC, but the PMC currently does not appear to have the bandwidth to triage (and, if necessary, fix and disclose) them. On behalf of the PMC: would anyone be interested in helping out here? If so, please contact priv...@servicecomb.apache.org with secur...@apache.org in Cc. Kind regards, The ASF Security Team