To report a security issue, please email [email protected] with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue. The Security Team will attempt to respond within 3 working days of your email. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.
- A GitHub Security Advisory will be created in the appropriate repository.
- A project member works privately with the reporter to resolve the vulnerability.
- The project creates a new release of the package the vulnerabilty affects to deliver its fix.
- The project publicly announces the vulnerability and describes how to apply the fix.
We strongly recommend users of our libraries to use Scala Steward or something similar to automatically receive updates.
name | PGP public key | |
---|---|---|
Ross A. Baker | [email protected] | 0x975BE5BC29D92CA5 |
Arman Bilge | [email protected] | 0xA335B107E9282548 |
Brian P. Holt | [email protected] |