Please report (suspected) security vulnerabilities to basyx-dev@eclipse.org. You will receive a response from us within 48 hours. After the initial reply, we will keep you updated on the progress towards a fix and full announcement, and may ask for additional information or guidance.
We ask all security researchers to keep vulnerabilities and communications around vulnerability submissions confidential until we resolve the issue. We will provide a public acknowledgment after the issue is resolved.
If you report a security issue that we confirm and fix, we may acknowledge your contribution in the release notes for the fix.