GeoMesa follows the Eclipse Vulnerability Reporting Policy. Vulnerabilities are tracked by the Eclipse security team, in cooperation with the GeoMesa committers. Fixing vulnerabilities is done by the GeoMesa committers, with assistance and guidance from the security team.
In the case of a suspected vulnerability, do not use any public GeoMesa forum (mailing list, chat or issue tracker). Instead, contact the Eclipse Security Team directly.
The GeoMesa committers will evaluate the impact and scope of any vulnerabilities with guidance from the Eclipse security team, and apply patches to previous releases as deemed necessary.