Skip to content

Security: adoptium/STF

SECURITY.md

Security Policies and Procedures

This document outlines security procedures and general policies for the Eclipse Adoptium project.

Reporting a Vulnerability

The Eclipse Adoptium community take all security vulnerabilities seriously. Thank you for improving the security of our projects. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.

Report a security vulnerability privately by creating a draft security advisory following the guidelines described in the GitHub documentation. Reporters without a GitHub account should email the Eclipse Security Team at security@eclipse.org.

Disclosure Policy

Disclosure is initially limited to the reporter and Adoptium security team, but will eventually be expanded to include other individuals, and the general public as appropriate. The timing and manner of disclosure is governed by the Eclipse Security Policy.

Publicly disclosed issues are listed on the Disclosed Vulnerabilities Page.

Comments on this Policy

If you have suggestions on how this process could be improved please submit a pull request.

There aren’t any published security advisories