You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

865 B

Security Policy

Last Updated: 2020-03-21

Reporting a Vulnerability

In unlikely event of finding a security vulnerability directly relating to jackson-annotations package -- unlikely, as there is very little code in this package -- the recommended mechanism for reporting possible security vulnerabilities follows so-called "Coordinated Disclosure Plan" (see definition of DCP for general idea). The first step is to file a Tidelift security contact: Tidelift will route all reports via their system to maintainers of relevant package(s), and start the process that will evaluate concern and issue possible fixes, send update notices and so on. Note that you do not need to be a Tidelift subscriber to file a security contact.