Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[] Update on vulnerability reporting for Eclipse Foundation

Dear all,

We have recently been working on updating our vulnerability reporting process. The most visible reason is to move it out of Bugzilla. We also want to add more documentation so that it is easy to follow for people reporting and fixing security issues for the first time.

Our default way to report security issues is now mailing security@xxxxxxxxxxxxxxxxxxxxxx or creating an issue at

For projects on GitHub, we are running a pilot of using GitHub private advisories. If your project is interested, please create a Helpdesk ticket at

We are also working on enabling additional security-related features to projects. Stay tuned! You might see the security team being added to your projects as a side effect (hint: we need that to set up Security Managers in GitHub projects).

When you need help creating a security fix, discussing disclosure with security researchers, implementing best practices, or any other security question, we can help you. Reach out to us by email, ticket, Matrix...

Additional reading and watching:

The updated Handbook is available:

The recording of a webinar on this subject:

Kind regards,

Marta Rybczynska, for the Eclipse Foundation Security Team

Back to the top