blob: 14840be5436cadca6071ac44ea08e924ee3986d3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
<#import "/_scaffold.html" as main>
<@main.scaffold title="Security Vulnerabilities">
<div class="page-header top5">
<div>
<div class="row">
<p>
Lombok is a build-time only dependency; there is no need for <code>lombok.jar</code> to be available when your application is run, it just needs to be there when you compile your code.
</p><p>
Therefore, lombok is highly unlikely to be a source of security vulnerabilities.
</p><p>
Nevertheless, if you have a concern or found a vulnerability, please disclose the vulnerability privately. We would like to coordinate with you so that we can release a fix for the vulnerability together with the disclosure of the vulnerability to the public. As an open source project we are not currently able to offer a monetary reward, but we will acknowledge your contribution (and we'll owe you a refreshing beverage of your choice, of course!), and work with you to set a reasonable timeline for a fix.
</p><p>
If you want to report a vulnerability, please contact the <a href="https://tidelift.com/security">tidelift security team</a>. Alternatively, you can contact us directly via <a href="mailto:security@projectlombok.org">security@projectlombok.org</a>.
</p>
</div>
</div>
</div>
</@main.scaffold>
|
