- Notifications
You must be signed in to change notification settings - Fork1.4k
Security: JetBrains/compose-multiplatform
Security
SECURITY.md
We do our best to make sure our products are free of security vulnerabilities. To reduce the risk of introducing a vulnerability,you can follow these best practices:
Always use the latest release. For security purposes, we sign our releases published on Maven Centralwith these PGP keys:
- Key ID:compose@jetbrains.com
- Fingerprint:2072 3A63 99BC 0601 5428 3B37 CFAE 163B 64AC 9189
- Key type:ed25519
Follow the GradleDependency Verification Guideto set up continuous verification or learn how tomanually verify a dependency.
Use the latest versions of your application's dependencies. If you need to use a specific version of a dependency,periodically check if any new security vulnerabilities have been discovered. You can followthe guidelines from GitHubor browse known vulnerabilities in theCVE base.
We are very eager and grateful to hear about any security issues you find.To report vulnerabilities that you discover in Compose Multiplatform,please post a message directly to ourissue tracker or send us anemail.
For more information on how our responsible disclosure process works, please check theJetBrains Coordinated Disclosure Policy.