To report a security issue, please email scala.center@epfl.ch with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. The Security Team will attempt to respond within a reasonable timeframe to your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory.

1. A GitHub Security Advisory will be created in the appropriate repository.
2. A project member works privately with the reporter to resolve the vulnerability.
3. The project creates a new release of the package the vulnerability affects to deliver its fix.
4. The project publicly announces the vulnerability and describes how to apply the fix.

We strongly recommend users of our libraries to use Scala Steward or something similar to automatically receive updates.