The latest stable release of the JOOservices DTO Library is supported for security fixes.
Older releases may be unsupported unless maintainers explicitly state otherwise in release notes or repository documentation.
Do not open public GitHub issues for suspected vulnerabilities.
Report security concerns privately to admin@jooservices.com with:
- a clear summary of the issue
- affected package version(s)
- impact and expected risk
- reproduction details or proof of concept when available
If you are unsure whether a report is security-related, contact maintainers privately first.
Maintainers will acknowledge reports as soon as they can.
Investigation, validation, and any fix or coordinated disclosure timeline will depend on severity, exploitability, and release risk. No guaranteed SLA is promised.
This policy covers security issues in repository-managed behavior such as:
- DTO hydration and mapping
- casting and validation paths
- serialization and normalization behavior
- collection behavior
- dependency and CI or security-workflow configuration issues that affect package consumers or repository integrity
Normal bugs, feature requests, questions, and documentation improvements should use the standard GitHub issue templates instead of private security reporting.