SECURITY.md

Last Updated: 2020-03-21

The recommended mechanism for reporting possible security vulnerabilities followsso-called "Coordinated Disclosure Plan" (seedefinition of DCPfor general idea). The first step is to file aTidelift security contact:Tidelift will route all reports via their system to maintainers of relevant package(s), and start theprocess that will evaluate concern and issue possible fixes, send update notices and so on.Note that you do not need to be a Tidelift subscriber to file a security contact.

Alternatively you may also report possible vulnerabilities toinfo at fasterxml dot commailing address. Note that filing an issue to go with report is fine, but if you do that pleaseDO NOT include details of security problem in the issue but only in email contact.This is important to give us time to provide a patch, if necessary, for the problem.

There aren’t any published security advisories