Skip to content

Security: GeoCat/geotools

SECURITY.md

Security Policy

Supported Versions

Version Supported Policy
29.x Supported branch (6 months from initial release)
28.x ⚠️ Maintenance branch (6 additional months)
27.x Unsupported (volunteers release as needed)
26.x Unsupported (volunteers release as needed)

Reporting a Vulnerability

As a Java library we often find vulnerabilities are reported by downstream (and thus user facing) projects.

  • GeoTools uses GitHub security option for private vulnerability reporting
  • To discuss vulnerabilities attend our bi-weekly video chat meeting (see developer list for meeting invite).
  • GeoTools is an Open Source Geospatial Foundation project, the geotools project officer can be emailed directly if you are unable to attend meeting above.

To allow downstream projects an opportunity to upgrade the GeoTools issue tracker uses placeholder issues (with no description or details). Details are added when fix is available in the supported and maintenance branches listed above.

There aren’t any published security advisories