Devs,

Please do not, EVER, post vulnerabilities to the public Jira. Our processes are explained here: https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report

Specifically, send an email to secur...@fineract.apache.org. See the Apache security page for the general approach: https://www.apache.org/security/

Thanks,