If you find a security issue in Fuji — a way to crash, exploit, dupe, or gain unauthorized access on a server running it — please do not open a public issue. Report it privately so it can be fixed before disclosure:
- Use GitHub's private vulnerability reporting, or
- Open a minimal issue asking for a private contact channel (do not include exploit details there).
Please include the Fuji build number (/version), reproduction steps, and the impact.
Fuji is a fork of Paper / Leaf / Sakura. Vulnerabilities in the underlying Minecraft server, Paper, or Leaf that are not introduced by Fuji's own patches are best reported to those upstream projects — but if you're unsure, report it to us and we'll route it.
Only the latest Fuji build for the current Minecraft version receives fixes. Please update before reporting.