SECURITY.md

Oracle values the independent security research community and believes thatresponsible disclosure of security vulnerabilities helps us ensure the securityand privacy of all our users.

Please do NOT raise a GitHub Issue to report a security vulnerability. If youbelieve you have found a security vulnerability, please submit a report tosecalert_us@oracle.com preferably with a proof of concept. Please reviewsome additional information onhow to report security vulnerabilities to Oracle.We encourage people who contact Oracle Security to use email encryption usingour encryption key.

We ask that you do not use other channels or contact the project maintainersdirectly.

Non-vulnerability related security issues including ideas for new or improvedsecurity features are welcome on GitHub Issues.

Security updates will be released on a regular cadence. Many of our projectswill typically release security fixes in conjunction with theOracle Critical Patch Update program. Additionalinformation, including past advisories, is available on oursecurity alertspage.

We will provide security related information such as a threat model, considerationsfor secure use, or any known security issues in our documentation. Please notethat labs and sample code are intended to demonstrate a concept and may not besufficiently hardened for production use.

There aren’t any published security advisories