# Security Policy

Last Updated: 2019-11-26

## Supported Versions

The current status of open branches, with new releases, can be found on the
[Jackson Releases](https://github.com/FasterXML/jackson/wiki/Jackson-Releases) wiki page.

## Reporting a Vulnerability

The recommended mechanism for reporting possible security vulnerabilities follows the
so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance)
for the general idea). The first step is to file a [Tidelift security contact](https://tidelift.com/security):
Tidelift will route all reports via their system to the maintainers of the relevant package(s), and start the
process that will evaluate the concern and issue possible fixes, send update notices and so on.
Note that you do not need to be a Tidelift subscriber to file a security contact.

Alternatively, you may also report possible vulnerabilities to the `info` at fasterxml dot com
mailing address. Note that filing an issue to go with the report is fine, but if you do that please
DO NOT include details of the security problem in the issue, only in the email contact.
This is important to give us time to provide a patch, if necessary, for the problem.