| Version | Supported |
|---|---|
| 0.1.x | ✅ |
If you discover a security vulnerability in the OJS Java SDK, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please report vulnerabilities by emailing security@openjobspec.org.
Include the following information:
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Any suggested fixes (optional)
- Acknowledgment: Within 48 hours
- Initial Assessment: Within 5 business days
- Fix & Disclosure: Coordinated with the reporter
This policy applies to the OJS Java SDK codebase. For vulnerabilities in the OJS specification itself or other OJS projects, please report them to the appropriate repository.
We appreciate security researchers who help keep our project safe. Contributors who report valid security issues will be acknowledged in our release notes (unless they prefer to remain anonymous).