• Share this article:

How to Report a Security Issue in an Eclipse Foundation Project?

Friday, June 30, 2023 - 01:17 by Marta Rybczynska

Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of how to report them.

Method 1: Project-specific Instructions

First, look if the concerned project has SECURITY.md in its main repository. If it does, follow the instructions from that file.

Method 2: Eclipse Foundation Vulnerability Reports Tracking

Create a new issue using this form. The template contains sections to fill in; please include all information available.

The form to report a potential security vulnerability

Click 'Create issue' at the end.

Method 3: Eclipse Foundation Mailing List

You can also send an email to security@eclipse-foundation.org. In this case, make sure you mention clearly which project is affected. Also, if you would like to be informed about the resolution, give your Eclipse ID.