Is there a security contact?

[halkeye]

WhiteSourceSoftware contacted me about an xss issue in https://github.com/jenkinsci/markdown-formatter-plugin which uses flexmark. From my testing I think its something that needs to be handled in flexmark. I have a test case and they gave me a great report I can forward, but I don't want to make it public without them.