| // ======================================================================== |
| // Copyright (c) 1995-2017 Mort Bay Consulting Pty. Ltd. |
| // ======================================================================== |
| // All rights reserved. This program and the accompanying materials |
| // are made available under the terms of the Eclipse Public License v1.0 |
| // and Apache License v2.0 which accompanies this distribution. |
| // |
| // The Eclipse Public License is available at |
| // http://www.eclipse.org/legal/epl-v10.html |
| // |
| // The Apache License v2.0 is available at |
| // http://www.opensource.org/licenses/apache2.0.php |
| // |
| // You may elect to redistribute this code under either of these licenses. |
| // ======================================================================== |
| |
| [[security-reporting]] |
| === Reporting Security Issues |
| |
| There are a number of avenues for reporting security issues to the Jetty project available. |
| If the issue is directly related to Jetty itself then reporting to the Jetty developers is encouraged. |
| The most direct method is to mail _security@webtide.com_. |
| Since Webtide is comprised of the active committers of the Jetty project this is our preferred reporting method. |
| We are generally flexible in how we work with reporters of security issues but we reserve the right to act in the interests of the Jetty project in all circumstances. |
| |
| If the issue is related to Eclipse or its Jetty integration then we encourage you to reach out to _security@eclipse.org_. |
| |
| If the issue is related to integrations with Jetty we are happy to work with you to identify the proper entity and either of the approaches above is fine. |
| |
| We prefer that security issues are reported directly to Jetty developers as opposed through GitHub Issues since it has no facility to tag issues as _private_. |