The following table lists which versions of MochaJSON currently receive security updates.
| Version | Supported |
|---|---|
| 1.0.x | Fully supported |
| < 1.0.0 | Unsupported |
We recommend always using the latest stable release available on Maven Central to receive the newest security fixes and performance improvements.
If you discover a security vulnerability in MochaJSON, please follow these steps:
- Do not create a public GitHub issue.
- Privately email the maintainers at: mochaapi@example.com
- Provide a clear description of:
  - The nature of the vulnerability
  - Steps to reproduce
  - Potential impact
  - Suggested fix (if any)
You can expect:
- An acknowledgment within 48 hours
- A response and triage within 7 days
- A coordinated disclosure plan if the issue is confirmed
We ask that all security researchers follow responsible disclosure practices:
- Do not exploit or publicly share vulnerabilities before they are fixed.
- We will credit security reporters who help improve MochaJSON in our release notes (with permission).
To use MochaJSON securely:
- Always update to the latest version.
- Avoid using reflection-based or unsafe parsing modes (if added in future versions).
- Validate network input before passing it to MochaJSON parsers.
- GitHub Dependabot security alerts enabled
- GitHub CodeQL Analysis workflow enabled
- Regular review of external dependencies
- Continuous integration with Gradle vulnerability scan
For urgent or sensitive matters:
MochaAPI Team - Lead Maintainers
guptavishal998.pa@gmail.com
https://github.com/MochaAPI/MochaJSON
Thank you for helping keep MochaJSON safe and secure for everyone.