Process for reporting Security Bugs?

[Google-Autofuzz]

Hi Json team,

As part of our fuzzing efforts at Google, we are interested in understanding the process for reporting potential security issues to your project in a private manner. Could you please advise us if there is a private tracker for these kinds of bugs, or if you prefer them filed in a publicly visible way?

Thanks!

[nlohmann]

Using this issue tracker is OK.

If confidential information is involved, note this entry in the README.

[Google-Autofuzz]

Perfect, thanks!