Security issue in Ember.js

I’m trying to get a hold of someone from the security team. According to, I sent an email about a security issue of Ember.js to, Robert and Tom. However, I haven’t received any response so far, so I am writing this here. Could someone of the security team check the email?

This made me check in spam and I do see an email from April 6 but I don’t know if it’s from you, please DM me your details.

Also, for anyone reading this thread who feels concerned: we get a lot of bogus security reports because a lot of security audit tools:

  1. Don’t understand that your build tools are never being handed untrusted input and never run in production.
  2. Don’t distinguish between the responsibilities of Ember vs the webserver.

The email to the security list that was in my spam falls into category 2.

Thank you for your reply. I sent the details to your email address. I think the email you received on April 6 is not from me. I sent the email on March 29 4:12 (JST).