
Security: geotools/geotools

SECURITY.md

Security Policy

Supported Versions

| Version | Supported | Policy |
|---------|-----------|--------|
| 29.x | | Supported branch (6 months from initial release) |
| 28.x | ⚠️ | Maintenance branch (6 additional months) |
| 27.x | | Unsupported (volunteers release as needed) |
| 26.x | | Unsupported (volunteers release as needed) |

Reporting a Vulnerability

As a Java library, we often find that vulnerabilities are reported by downstream (and thus user-facing) projects.

  • GeoTools uses the GitHub security option for private vulnerability reporting.
  • To discuss vulnerabilities, attend our bi-weekly video chat meeting (see the developer list for the meeting invite).
  • GeoTools is an Open Source Geospatial Foundation project; the GeoTools project officer can be emailed directly if you are unable to attend the meeting above.

To allow downstream projects an opportunity to upgrade, the GeoTools issue tracker uses placeholder issues (with no description or details). Details are added when a fix is available in the supported and maintenance branches listed above.
