Did you responsibly disclose the vulnerability to the site owner? Or did you first publish this report publicly?