Hello! Thank you for wanting to disclose a possible security vulnerability within the Doorkeeper gem! Please follow our disclosure policy as outlined below:
- Do NOT open up a GitHub issue with your report. Security reports should be kept private until a possible fix is determined.
- Send an email to Nikita Bulai at bulaj.nikita AT gmail.com or one of the others Doorkeeper maintainers listed in gemspec. You should receive a prompt response.
- Be patient. Since Doorkeeper is in a stable maintenance phase, we want to do as little as possible to rock the boat of the project.
Thank you very much for adhering for these policies!