[Ruby] Proper Way to Report a Security Hole in LoginGenerator?
Aaron Goldfeder
mellowmood at gmail.com
Wed Jun 27 21:42:55 PDT 2007
I'm a complete noob to the rails community and any help is appreciated.
I found a security bug in the LoginGenerator gem (1.2.2). It's part of the
generated code so may be in quite a few sites. Easy to exploit, easy to
fix. On a scale of 1-5 where 5 is most severe, I'd call it a 3.
I'd rather not post the details of the issue on the web or mailing list
until the proper process has happened - assuming such a thing exists :)
Anyone have any tips?
Thanks!
Aaron