To simplify things and help our users to be more productive, we have archived the current forum and focus our efforts on helping developers on Stack Overflow. You can post new questions on Stack Overflow or join our Discord channel.
I recently was working with some software based on the Vaadin framework, and I discovered a minor security issue, but one that coud be leveraged to gain additional information about the server's internal state and does have a few possible matching CWE (Common Weakness Enumeration) identifiers.
I would like to contact some developers directly to see about confirming my interpetations of what I am seeing and, if my assessment is correct, to see about getting this fixed. I noticed that the question of how to report security issues was asked in the past, but I was not able to find an answer to it in a few minutes of searching. How do I go about that/who should I contact?