Skip to content

Security: domkun/rdf4j

Security

SECURITY.md

Security Policy

Eclipse RDF4J follows the Eclipse Vulnerability Reporting Policy. Vulnerabilities are tracked by the Eclipse security team, in cooperation with the RDF4J project lead. Fixing vulnerabilities is taken care of by the RDF4J project committers, with assistance and guidance of the security team.

Supported Versions

Eclipse RDF4J supports security updates for the following releases:

Version Supported
current release
latest minor release before the current ✅(on request only)
latest major release before the current ✅(on request only)
anything older

For example if the current release is 4.1, we support security patches for 4.1.x (the current release) and 4.0.x (latest minor before current), as well as for 3.7.x (latest major before current), but not for 3.6.x or older. Security patches for the current release are provided proactively by the team, while patches for older supported releases are provided on request only.

Reporting a Vulnerability

We recommend that in case of suspected vulnerabilities you do not use the RDF4J public issue tracker, but instead contact the Eclipse Security Team directly via [email protected].

There aren’t any published security advisories