Have you found something that looks like a security issue in an Eclipse Foundation project? Here is a description of how to report them.
Method 1: Project-specific Instructions
First, look if the concerned project has SECURITY.md in its main repository. If it does, follow the instructions from that file.
Method 2: Eclipse Foundation Vulnerability Reports Tracking
Create a new issue using this form. The template contains sections to fill in; please include all information available.
Image
Click 'Create issue' at the end.
Method 3: Eclipse Foundation Mailing List
You can also send an email to security@eclipse-foundation.org. In this case, make sure you mention clearly which project is affected. Also, if you would like to be informed about the resolution, give your Eclipse ID.
