Please report vulnerabilities you find in picocli to:
rpopma at apache.org
Anyone can send email to this address. The resolution of any reported security issues will be handled in confidence. In your report, please note how you would like to be credited for discovering the issue.
| Version | Supported |
|---|---|
| latest 4.x.x | ✅ |
| older 4.x.x | ❌ |
| < 4.0 | ❌ |
Due to the sensitive nature of security bugs, the disclosure process is more constrained than a regular bug. We appreciate you following these industry accepted guidelines, which gives time for a proper fix and limit the time window of attack.