I noticed that my report regarding a potential DoS bug in the instant Elasticsearch deployment on es.io was marked as out-of-scope (OOS). Could you please clarify why this deployment/domain is considered OOS? I want to make sure I fully understand the scope for future reports.
Welcome to the community.
All questions / answers about security should be routed to