| Version | Supported |
|---|---|
| Latest minor release | ✅ |
| Previous releases | ❌ |
Only the latest minor release receives security patches. Users are encouraged to upgrade to the latest version.
Please do not report security vulnerabilities through public GitHub issues.
Instead, use GitHub Private Vulnerability Reporting to submit a report. This ensures the vulnerability can be assessed and addressed before public disclosure.
- A description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Suggested fix (if any)
- Initial response: within 7 days
- Fix development: best effort, targeting 30 days
- Public disclosure: coordinated disclosure after the fix is released (maximum 90 days)
This project follows a coordinated disclosure process:
- The reporter submits a vulnerability via GitHub Private Vulnerability Reporting
- The maintainers acknowledge receipt within 7 days
- A fix is developed and tested
- A new release is published with the fix
- The vulnerability is publicly disclosed via a GitHub Security Advisory
This policy covers the following packages published to Maven Central:
io.github.seijikohara:logback-access-spring-boot-starter-coreio.github.seijikohara:logback-access-spring-boot-starter