Go for it! +1

I'd add a very visible section on the website and in the README
files about reporting vulnerabilities. Today we have this:
http://www.keycloak.org/community.html. But it's not that obvious.
I'd suggest something like
https://www.emberjs.com/security/

On Thu, Aug 17, 2017 at 7:22 AM Stian Thorgersen <sthorger(a)redhat.com> wrote:

> We need to have a dedicated place to report and discuss security
> vulnerabilities. This should be a list anyone can send to, but only
> specific people can subscribe to.
>
> I'd like to create a new mailing list 'keycloak-security' for this purpose
> and have everyone on the team subscribed.
>
> Thoughts? Suggestions for alternative approaches?
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev