adf4j follows semantic versioning. Security fixes are released for the latest published version on Maven Central. Until 1.0.0, only the most recent release is supported.
Please do not open a public issue for security vulnerabilities.
Report privately through GitHub's Report a vulnerability form, which opens a private advisory visible only to the maintainers. If you cannot use that form, contact the maintainer listed in the POM developer section.
When reporting, please include:
- the affected version(s) and platform (library, native CLI, or WASM build),
- a description of the issue and its impact,
- a minimal ADF input or reproduction steps, if applicable.