Hello,
In December, I sent to security@payara.fish a report about a known DoS vulnerability in one of libraries included in Payara. I haven’t got any reply and I can see that mentioned library has not been upgraded in 5.2022.1.
Does anyone know how such issues should be handled? Was I supposed to make a PR instead, or to report to another place? Or, maybe such upgrades could be delayed in community edition (for various reasons) and I should consider enterprise edition if I expect enterprise-level support?
Thank your in advance for reply.
Regards,
Robert