Security fixes are handled on the default branch and the latest public release line.
Do not open a public issue for suspected vulnerabilities, exploit details, protocol abuse cases, or credential leaks.
Report vulnerabilities through GitHub private vulnerability reporting: https://github.com/krotname/JavaNetworkChat/security/advisories/new
Include:
- affected version or commit,
- reproduction steps,
- network/protocol payloads with secrets redacted,
- impact assessment,
- suggested mitigation if available.
The maintainer aims to acknowledge valid reports within 48 hours and provide a remediation timeline after the impact is confirmed.
This policy applies to application code, protocol handling, server lifecycle code, and CI configuration.