On Fri, Mar 27, 2015 at 3:45 PM, Benedikt Ritter <[email protected]> wrote:
> ...CVEs are an example of such issues that shouldn't be discussed publicly....

A specific security@ list is probably best for that, see http://sling.apache.org/project-information/security.html for how we handle that in Sling.

-Bertrand
