From 1dd2004f1b253aadb957bd9649bcefcee1f380a8 Mon Sep 17 00:00:00 2001
From: muxator <a.mux@inwind.it>
Date: Sun, 20 Oct 2019 00:49:46 +0200
Subject: [PATCH] security: since there is no dedicated security group, I take
 charge for now.

Disclosure of vulnerabilities should be handled by a dedicated, multi-person
group, which for now does not exist. I take charge (hopefully temporarily) of
being that point of contact for now.
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 9430e86bc..ae80caf89 100644
--- a/README.md
+++ b/README.md
@@ -100,6 +100,8 @@ Read our [**Developer Guidelines**](https://github.com/ether/etherpad-lite/blob/
 # Get in touch
 The official channel for contacting the development team is via the [Github issues](https://github.com/ether/etherpad-lite/issues).
 
+For **responsible disclosure of vulnerabilities**, please write a mail to the maintainer (a.mux@inwind.it).
+
 # HTTP API
 Etherpad is designed to be easily embeddable and provides a [HTTP API](https://github.com/ether/etherpad-lite/wiki/HTTP-API)
 that allows your web application to manage pads, users and groups. It is recommended to use the [available client implementations](https://github.com/ether/etherpad-lite/wiki/HTTP-API-client-libraries) in order to interact with this API.