49 changes: 49 additions & 0 deletions SECURITY.md
@@ -0,0 +1,49 @@
# Security Policy

## Supported Versions

We provide security updates for the following versions of the Java Design Patterns project:

| Version | Supported |
| ------- | ------------------ |
| Main branch (latest) | :white_check_mark: |
| Older versions | :x: |

We recommend using the latest version from the main branch to ensure you have the latest security fixes.

## Reporting a Vulnerability

We take the security of our project seriously. If you discover a security vulnerability within this project, please send an email to the maintainers at [iluwatar.java.design.patterns@gmail.com](mailto:iluwatar.java.design.patterns@gmail.com). Please do not open a public issue for security vulnerabilities.

Please include the following information in your report:
- A clear description of the vulnerability
- Steps to reproduce the issue
- Any proof-of-concept code or screenshots
- The version(s) of the project affected
- Potential impact and severity assessment

We will acknowledge receipt of your report within 48 hours and will keep you informed of our progress toward a fix. We aim to resolve security issues within 30 days of disclosure, depending on the complexity and impact.

## Preferred Languages

We prefer to receive security reports in English.

## Policy

We follow responsible disclosure practices. Once a vulnerability is confirmed:
1. We will acknowledge your report within 48 hours
2. We will investigate and confirm the vulnerability
3. We will work on a fix and test it thoroughly
4. We will coordinate a public disclosure timeline with you
5. We will credit you in our security advisory (unless you wish to remain anonymous)

We do not offer bounties for security reports, but we greatly appreciate your help in keeping this project secure for everyone.

## Scope

This security policy applies to the Java Design Patterns project repository and all pattern implementations within it. It does not cover:
- Individual pattern implementations in forks or derivatives
- Educational examples that intentionally demonstrate vulnerabilities for learning purposes
- Third-party libraries or dependencies used in the project

For general questions or non-security-related issues, please use the standard issue tracker.
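Review bot: The numbered list under "## Policy" is introduced by "Once a vulnerability is confirmed:", but its first two items ("We will acknowledge your report within 48 hours", "We will investigate and confirm the vulnerability") happen before confirmation, and the first repeats the 48-hour commitment already made under "## Reporting a Vulnerability". Change the lead-in to something like "When we receive a report:" so the steps read in order, and state the 48-hour commitment in one place only. In the same section, "within 30 days of disclosure" is ambiguous, because step 4 uses "disclosure" for the public announcement; "within 30 days of receiving the report" would say what is presumably meant. The only reporting channel given is a plain e-mail address, so it is worth documenting either a private reporting route on the hosting platform or a public key for reporters who need to send proof-of-concept material confidentially. Finally, "## Scope" excludes "Third-party libraries or dependencies used in the project" without saying whether a vulnerable dependency version pinned by this repository should still be reported here; one sentence clarifying that would prevent such reports from being dropped or filed publicly.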