This is a comment from #153 (comment)
There are chances a project won't respond to security vulnerabilities. Perhaps the maintainer moved on and the repository is orphaned.
I find it important to highlight the practices of vulnerability disclosures here to follow industry standards:
https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html
This is a comment from https://codeberg.org/forgejo/website/pulls/153#issuecomment-827242
There are chances a project won't respond to security vulnerabilities. Perhaps the maintainer moved on and the repository is orphaned.
I find it important to highlight the practices of vulnerability disclosures here to follow industry standards:
https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability_Disclosure_Cheat_Sheet.html