API Commons projects take security seriously. Please do not open public issues for vulnerabilities.

Report privately using the Security → Report a vulnerability tab on the affected repository, or email apicommons@gmail.com.

You can expect an acknowledgement within 3 business days, an assessment and remediation plan for confirmed issues, and credit in the release notes (unless you prefer to remain anonymous). Security fixes target the latest released version; older versions are not maintained.