Diffstat (limited to 'website/templates/security.html')
-rw-r--r-- website/templates/security.html 18
1 files changed, 18 insertions, 0 deletions
diff --git a/website/templates/security.html b/website/templates/security.html
new file mode 100644
index 00000000..8eb2b3f7
--- /dev/null
+++ b/website/templates/security.html
@@ -0,0 +1,18 @@
+<#import "/_scaffold.html" as main>
+<@main.scaffold title="Security Vulnerabilities">
+ <div class="page-header top5">
+ <div>
+ <div class="row">
+ <p>
+ Lombok is a build-time only dependency; there is no need for <code>lombok.jar</code> to be available when your application is run, it just needs to be there when you compile your code.
+ </p><p>
+ Therefore, lombok is highly unlikely to be a source of security vulnerabilities.
+ </p><p>
+ Nevertheless, if you have a concern or found a vulnerability, please disclose the vulnerability privately. We would like to coordinate with you so that we can release a fix for the vulnerability together with the disclosure of the vulnerability to the public. As an open source project we are not currently able to offer a monetary reward, but we will acknowledge your contribution (and we'll owe you a refreshing beverage of your choice, of course!), and work with you to set a reasonable timeline for a fix.
+ </p><p>
+ If you want to report a vulnerability, please contact the <a href="https://tidelift.com/security">tidelift security team</a>. Alternatively, you can contact us directly via <a href="mailto:info@projectlombok.org">info@projectlombok.org</a>.
+ </p>
+ </div>
+ </div>
+ </div>
+</@main.scaffold>
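Review bot: The second paragraph ("Therefore, lombok is highly unlikely to be a source of security vulnerabilities") concludes more than the build-time-only premise supports. Lombok runs inside the compiler during the build, and the code it generates ends up in the compiled application, so being absent from the runtime classpath does not by itself rule it out as a source of issues. Consider narrowing the sentence to what the first paragraph establishes, for example that lombok.jar adds nothing to the runtime classpath. Separately, the last paragraph asks for private disclosure, but the direct channel is a plain mailto link to info@projectlombok.org with no key or encrypted option listed; if one exists, state it here.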