Skip to content

Security: PhilippHeuer/events4j

SECURITY.md

Security Policy

Supported Versions

Please focus your analysis on the latest version of the library.

If the project maintainers deem the issue to be particularly significant, a patch may be backported to some previous versions.

Reporting a Vulnerability

Please privately report any vulnerabilities as a Github Security Advisory.

We will acknowledge the report within a week and begin investigating.

Disclosure

Our vulnerability disclosure guidelines are similar to Google's Project Zero rules.

Once you report a vulnerability, we have 90 days to make a patch available for users. Once a patch is released, you may publicly disclose the vulnerability details after 30 more days (so users have time to upgrade). If we do not release a patch within this period, you can publicly disclose the details of the vulnerability without further delay.

If the vulnerability is shown to be already exploited "in the wild," the 90-day period is replaced by a 10-day period. However, the 30 additional days before public disclosure still apply, if we are able to publish a patch within the period.

Lastly, early disclosure is permitted only if mutually agreed upon by the issue reporter and the project maintainers.

There aren’t any published security advisories