We ask the security research community to give us an opportunity to correct a vulnerability before publicly identifying or disclosing it, as we ourselves do when we discover vulnerabilities in other vendors' products. This serves everyone's best interests by ensuring that customers receive comprehensive, high-quality updates for security vulnerabilities but are not exposed to malicious attacks while the update is being developed. After customers are protected, public discussion of the vulnerability helps the industry at large improve its products.
Please email [email protected] to report any security-related issues. Do NOT post any security-related issues to this public issue queue.
Thanks!