Skip to content

Security: HtmlUnit/htmlunit

SECURITY.md

Security Policy

Reporting Potential Security Issues

If you have discovered a potential security vulnerability in this project, please report it privately. Do not disclose it as a public issue. This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.

Please disclose it at our security advisory.

This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base.

We will work with you to verify the vulnerability and fix it.

Policy

If we verify a reported security vulnerability, our policy is:

  • We will try to fix this on the current development branch.
  • After the fix, we will immediately made a new snapshot release available.
  • Depending on the vulnerability, we will publish a new release.

A security advisory will be released on the project website detailing the vulnerability, as well as recommendations for end-users to protect themselves.

Learn more about advisories related to HtmlUnit/htmlunit in the GitHub Advisory Database