Eclipse Dataspace Components (EDC) follows the Eclipse Vulnerability Reporting Policy. Vulnerabilities are tracked by the Eclipse security team, in cooperation with the EDC project lead. Fixing vulnerabilities is taken care of by the EDC project committers, with assistance and guidance of the security team.
Eclipse Dataspace Components supports security updates for the latest published release. Please refer to the GitHub Releases page to inspect the latest version.
We recommend that in case of suspected vulnerabilities you do not use the EDC public issue tracker, but instead contact the Eclipse Security Team directly via security@eclipse.org.