Our pen testers have discovered a possible security issue with version 4.5 of the Pentaho server. We don't have a support contract and we're using the CE version of Pentaho. Is there a contact within Pentaho that I can send the details on to?

Ps. I've tried to look on the forums regarding this problem but haven't found anything similar.