t.nbjavac.nb-javac.jdk-20+33.source-code.SECURITY.md Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of nb-javac Show documentation
Show all versions of nb-javac Show documentation
"nb-javac" is a patched version of OpenJDK "javac", i.e., the Java compiler. This has long been part of NetBeans, providing a highly tuned Java compiler specifically for the Java editor i.e., parsing and lexing for features such as syntax coloring, code completion.
# Reporting Security Vulnerabilities
Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to [email protected] preferably with a proof of concept. We provide additional information on how to report security vulnerabilities to Oracle which includes public encryption keys for secure email.
We ask that you do not use other channels or contact project contributors directly.
Non-vulnerability related security issues such as great new ideas for security features are welcome on GitHub Issues.
# Security Updates, Alerts and Bulletins
Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the Oracle Critical Patch Update program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our Security Alerts page.
# Security-Related Information
We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note sample code (if any) are intended to demonstrate a concept and may not be sufficiently hardened for production use.