| .. Licensed to the Apache Software Foundation (ASF) under one |
| or more contributor license agreements. See the NOTICE file |
| distributed with this work for additional information |
| regarding copyright ownership. The ASF licenses this file |
| to you under the Apache License, Version 2.0 (the |
| "License"); you may not use this file except in compliance |
| with the License. You may obtain a copy of the License at |
| |
| .. http://www.apache.org/licenses/LICENSE-2.0 |
| |
| .. Unless required by applicable law or agreed to in writing, |
| software distributed under the License is distributed on an |
| "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| KIND, either express or implied. See the License for the |
| specific language governing permissions and limitations |
| under the License. |
| |
| Reporting Vulnerabilities |
| ------------------------- |
| |
| **⚠️ Please do not file GitHub issues for security vulnerabilities as they are public! ⚠️** |
| |
| The Apache Software Foundation takes security issues very seriously. If you have any |
| concern around Apache NetBeans security or believe you have uncovered a vulnerability, |
| we suggest that you get in touch via the e-mail address security@apache.org. In the |
| message, try to provide a description of the issue and ideally a way of reproducing it. |
| The security team will get back to you after assessing the description. Please do not |
| discuss the vulnerability publicly until we've had time to assess and address. |
| |
| Note that this security address should be used only for undisclosed vulnerabilities. |
| Dealing with fixed issues or general questions on use should be handled via the |
| user and dev mailing lists. |
| |
| The `ASF Security team's page <https://www.apache.org/security/>`_ describes how |
| vulnerability reports are handled, and includes PGP keys if you wish to use that. |