Please see our FAQs at http://forrest.apache.org/faq.html#security http://forrest.apache.org/issues.html#intro
These refer to the "ASF Security Team" web site to explain the procedures regarding how security issues are reported and co-ordinated. "Please note that the security mailing lists should only be used for reporting undisclosed security vulnerabilities in Apache products and managing the process of fixing such vulnerabilities." For all other issues please continue to use our Forrest project issue tracker and mail lists. -David
