This project is an Eclipse Foundation Project and follows the Eclipse Foundation Security Policy for vulnerability handling and responsible disclosure.
Please do NOT report security vulnerabilities through public issues, pull requests, or discussions.
If you believe you have found a security vulnerability, report it privately using one of the following methods:
- Contact the Eclipse Foundation Security Team via email
- Create a confidential issue in the Eclipse Foundation Vulnerability Reporting Tracker
More information about the Eclipse security process: https://www.eclipse.org/security/
Please include as much of the following information as possible:
- Description of the vulnerability
- Affected component(s) and version(s)
- Potential impact and attack scenario
- Steps to reproduce the issue
- Relevant configuration details
- Log files or error messages (if available)
- Proof‑of‑concept or exploit code (if available)
This information helps us triage and resolve the issue more efficiently.
- The report is received and triaged by the Eclipse Foundation Security Team
- The issue is coordinated with the project’s Security Team (by default, the project committers)
- The vulnerability is analyzed and addressed
- A fix or mitigation is prepared and released
- Public disclosure occurs after a fix is available
This project follows coordinated and responsible disclosure in accordance with the Eclipse Foundation Security Policy.
There is currently no official release version of Eclipse Disuko.
Security updates are applied to the HEAD of the main branch.
We appreciate responsible disclosure and will acknowledge reporters in security advisories when appropriate (unless anonymity is requested).
- Eclipse Foundation Security Policy: https://www.eclipse.org/security/policy/
- Eclipse Security Handbook: https://eclipse-csi.github.io/security-handbook/