On Fri, Oct 25, 2024 at 6:21 AM Domenico Francesco Bruscino < [email protected]> wrote:
> I strongly encourage you to report potential security vulnerabilities to > [email protected] mailing lists first, before disclosing them in a > public > forum. Please see the page of the ASF Security Team[1] for further > information and contact information. > > [1] https://www.apache.org/security/ you are certainly correct about newly discovered vulnerabilities, but once a CVE is published, the cat is already out of the bag (no harm in requesting a response)
