The solo maintainer for libxml2 is no longer accepting embargoed vulnerability reports, citing the unsustainable burden as an unpaid volunteer. Security issues will be treated like any other bug report moving forward.

https://socket.dev/blog/libxml2-maintainer-ends-embargoed-vulnerability-reports #opensource #cybersecurity h/t @joshbressers