Skip to content

Create SECURITY.md for security policy #7751

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Dedal0 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create SECURITY.md for security policy #7751

Dedal0 wants to merge 1 commit into from
+21 −0

Conversation

@Dedal0
Copy link

@Dedal0 Dedal0 commented Nov 4, 2025

Added a security policy document outlining supported versions and vulnerability reporting, so vulnerabilities can be reported.

Description

Important Info

Blockers

Testing

New tests

Testing Performed

Testing Environment

Documentation

Notes for Reviewers

@Dedal0
Create SECURITY.md for security policy
ba9249c 
Added a security policy document outlining supported versions and vulnerability reporting, so vulnerabilities can be reported.
@Dedal0
Copy link
Author

Dedal0 commented Nov 14, 2025

Hello,

I've tried to contact to contact security team to report a security issue but no answer when sent to the email address security[[at]]payara[d0t]fish.

Please confirm the actual process.

@Pandrex247 Pandrex247 added the PR: Awaiting CLA Contributor does not have a CLA or has submitted an unconfirmed CLA. label Nov 20, 2025
@Pandrex247
Copy link
Member

Pandrex247 commented Nov 20, 2025

@RamyaBill @deetewari @MeroRai FYI as you'll know the process better than I

@Dedal0
Copy link
Author

Dedal0 commented Dec 2, 2025

38 days since my first contact mail to security at payara dot fish. Is that the correct email address? The report includes all details about the vulnerability. Please confirm... The impact is relevant.

@MeroRai
Copy link
Member

MeroRai commented Dec 5, 2025

@Dedal0, thank you for your report. You can find our current policies on how Payara handles security issues here: https://docs.payara.fish/community/docs/Security/Overview.html. As outlined there, the correct process is to email any identified flaws or vulnerabilities to security@payara.fish. You’ve already done that, and our team is currently reviewing your submission.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

PR: Awaiting CLA Contributor does not have a CLA or has submitted an unconfirmed CLA.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Dedal0 @Pandrex247 @MeroRai