mirror of
https://github.com/tiennm99/lombok.git
synced 2026-06-10 00:13:47 +00:00
Roel Spilker
19 lines
1.3 KiB
HTML
19 lines
1.3 KiB
HTML
<#import "/_scaffold.html" as main>
|
|
<@main.scaffold title="Security Vulnerabilities">
|
|
<div class="page-header top5">
|
|
<div>
|
|
<div class="row">
|
|
<p>
|
|
Lombok is a build-time only dependency; there is no need for <code>lombok.jar</code> to be available when your application is run, it just needs to be there when you compile your code.
|
|
</p><p>
|
|
Therefore, lombok is highly unlikely to be a source of security vulnerabilities.
|
|
</p><p>
|
|
Nevertheless, if you have a concern or found a vulnerability, please disclose the vulnerability privately. We would like to coordinate with you so that we can release a fix for the vulnerability together with the disclosure of the vulnerability to the public. As an open source project we are not currently able to offer a monetary reward, but we will acknowledge your contribution (and we'll owe you a refreshing beverage of your choice, of course!), and work with you to set a reasonable timeline for a fix.
|
|
</p><p>
|
|
If you want to report a vulnerability, please contact the <a href="https://tidelift.com/security">tidelift security team</a>. Alternatively, you can contact us directly via <a href="mailto:security@projectlombok.org">security@projectlombok.org</a>.
|
|
</p>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</@main.scaffold>
|