Ask HN: Are other OS maintainers being spammed with Security Vulnerabilities? I'm being hit with small, nitpick security vulnerabilities, like being able to IDOR profile images for other users on a self-hosted software. Then the submitters are spamming me to release a vulnerability, despite me messaging stating the next release will trigger the release (there are no release dates for my product, but usually every 3 months). It's becoming overwhelming. What practices are other maintainers putting in place? |