When our tooling reports an unaddressed security vulnerability in the SDK, we need a way to confidentially request a fix. While the vulnerability is public, our use of a product containing the vulnerability and our interest in having it fixed we want to keep private. A sophisticated attacker could choose to seek out this knowledge when looking for attack vectors.
Can you please let us know how we can best confidentially request these fixes?