On Thu, Mar 7, 2013 at 12:55 AM, Ian Boston <[email protected]> wrote: > ...If there are other areas where its possible, with ease to create > critical security issues, then I think we must address those > immediately. > > Please share, ideally on list. > If you think its not for public list consumption please send a message > to sling-private so the issue can be added to the normal cert > procedure...
Note that http://sling.apache.org/project-information/security.html describes how to report security issues without making them public. -Bertrand
