Skip to content

Security: OpenFeign/querydsl

SECURITY.md

Security Policy

Thank you for your interest in improving the security of OpenFeign Querydsl. We are committed to addressing security issues responsibly and transparently.

Supported Versions

We currently support the following versions of the project for security updates:

Version Supported
6.x
5.x and older

If you're using an unsupported version, we recommend updating to the latest 6.x release.

Reporting a Vulnerability

If you discover a security vulnerability, please follow these steps to report it responsibly:

  1. Do not open a public issue. Instead, report vulnerabilities through our GitHub Security Advisories.

    • Navigate to the Security tab of the repository.
    • Click Report a vulnerability.
    • Provide as much detail as possible about the issue, including:
      • Steps to reproduce the vulnerability
      • Potential impact
      • Relevant logs, screenshots, or details
      • A proposed fix (if available)
  2. Once submitted, the report will remain private and will be visible only to the maintainers of this repository.

  3. Allow us a reasonable timeframe to investigate and address the issue before publicly disclosing any details.

Security Update Process

  • Upon receiving a vulnerability report, we will acknowledge receipt within 3 business days.
  • Our team will assess and address the issue based on severity and impact.
  • Once resolved, we will release an updated version and disclose the issue in the release notes.

Scope of Vulnerabilities

We are particularly interested in:

  • Remote code execution (RCE)
  • Unauthorized access or data exposure
  • Denial-of-service attacks
  • Code injection vulnerabilities

We do not consider the following out-of-scope for this project:

  • Issues in dependencies (unless specific to this project's usage)
  • Security misconfigurations in end-user deployments

Contact Us

If you have any questions about this security policy, feel free to open a discussion in the repository.

Thank you for helping us make Querydsl more secure!

Learn more about advisories related to OpenFeign/querydsl in the GitHub Advisory Database