No security policy: How to report a vulnerability?

[Sideni]

Hello there fellow ruby-jose maintainers,

I have a vulnerability on ruby-jose I'd like to report.
As there is currently no security policy on the repo, I wonder what would be the best way to discuss it and have it fixed?
I would suggest a security advisory.

Let me know how we can proceed :)

[Sideni]

@potatosalad @beanieboi @waynerobinson @soumyaray Any way we can talk about this? I can also provide a fix :)

[beanieboi]

@Sideni sorry I'm not a maintainer.

[Sideni]

@potatosalad Could you by any chance enable private vulnerability reporting on the repo so that I could document and discuss the issue with you privately ? :)