# Security Policy

## Reporting a Vulnerability

Please do **not** report security vulnerabilities through public GitHub issues.

Please report vulnerabilities to this repository via **GitHub security advisories** instead.

How? Inside affected repository --> security tab

for contributor:
--> Report a vulnerability

for committer:
--> advisories --> New draft security advisory

In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/

See [Eclipse Foundation Vulnerability Reporting Policy](https://www.eclipse.org/projects/handbook/#vulnerability)