If you think that you have found a security vulnerability, please report it to this email address: feedback-crypto@bouncycastle.org
Describe the issue including all details, for example:
- Short summary of the problem
- Steps to reproduce
- Affected API versions
- Logs if available
The Bouncy Castle team will send a response indicating the next steps in handling your report. You may be asked to provide additional information or guidance.
If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. Optionally, you can have your name and contact information listed in Contributors as well.
Please note we endeavor to issue patched releases that deal with security issues as soon as they are made known to us, ideally prior to issuing a Security Advisory where otherwise possible. In some cases, particularly if it relates to a FIPS release, delays due to external processes may delay the issuing of a Security Advisory.