I’m trying to get a hold of someone from the security team. According to https://emberjs.com/security/, I sent an email about a security issue in Ember.js to security@emberjs.com, Robert and Tom. However, I haven’t received any response so far, so I am writing this here. Could someone on the security team check the email?
This made me check in spam, and I do see an email from April 6, but I don’t know if it’s from you. Please DM me your details.
Also, for anyone reading this thread who feels concerned: we get a lot of bogus security reports because a lot of security audit tools:
- Don’t understand that your build tools are never being handed untrusted input and never run in production.
- Don’t distinguish between the responsibilities of Ember vs the webserver.
The email to the security list that was in my spam falls into category 2.
Thank you for your reply. I sent the details to your email address. I think the email you received on April 6 is not from me. I sent the email on March 29 4:12 (JST).