We discovered last year some behavior in ZK that can trigger DoS with very low complexity. We are now writing a blog post on our findings (and other surrounding it) but would like to send mail to the responsible disclosure list before doing so.
Where should I direct responsible disclosures? Thanks in advance. -- evan
