Note that the Apache 2.0 licensed junixsocket project comes with absolutely no warranties or conditions of any kind. That said, we try our best to remedy any security issues as soon as possible.
Should a security issue arise, a fix would usually be included in a PATCH or MINOR version update, i.e., 2.6.1 -> 2.6.2 or 2.7.0.
All 2.x.x versions should be backwards-compatible. Consider the latest 2.x.x version the recommended version.
If you depend on an outdated version of junixsocket or need other commercial support, please reach
out to directly to Christian Kohlschütter (email is in pom.xml).
| Version | Supported |
|---|---|
| 2.9.x | ✅ |
| < 2.9.x | Commercial support available |
| < 2.0 | ❌ |
Please DO NOT report security vulnerabilities through GitHub issues!
Instead, please reach out directly to Christian Kohlschütter (email is in pom.xml); be sure to
include the phrase SECURITY ISSUE in the email subject.
You should usually receive a response within 3 business days.
This project follows a 90 day disclosure timeline.