Thank you for your interest in improving the security of OpenFeign Querydsl. We are committed to addressing security issues responsibly and transparently.

We currently support the following versions of the project for security updates:

If you're using an unsupported version, we recommend updating to the latest 6.x release.

If you discover a security vulnerability, please follow these steps to report it responsibly:

1. Do not open a public issue. Instead, report vulnerabilities through our GitHub Security Advisories.

   • Navigate to the Security tab of the repository.
   • Click Report a vulnerability.
   • Provide as much detail as possible about the issue, including:
     • Steps to reproduce the vulnerability
     • Potential impact
     • Relevant logs, screenshots, or details
     • A proposed fix (if available)

2. Once submitted, the report will remain private and will be visible only to the maintainers of this repository.

3. Allow us a reasonable timeframe to investigate and address the issue before publicly disclosing any details.

• Upon receiving a vulnerability report, we will acknowledge receipt within 3 business days.
• Our team will assess and address the issue based on severity and impact.
• Once resolved, we will release an updated version and disclose the issue in the release notes.

We are particularly interested in:

• Remote code execution (RCE)
• Unauthorized access or data exposure
• Denial-of-service attacks
• Code injection vulnerabilities

We do not consider the following out-of-scope for this project:

• Issues in dependencies (unless specific to this project's usage)
• Security misconfigurations in end-user deployments

If you have any questions about this security policy, feel free to open a discussion in the repository.

Thank you for helping us make Querydsl more secure!