We release patches for security vulnerabilities for the following versions:

The nanoid-java-benchmark team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.

To report a security issue, please use the GitHub Security Advisory "Report a Vulnerability" tab.

The team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.

• Type of issue (e.g. buffer overflow, dependency vulnerability, etc.)
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue

We prefer all communications to be in English.

• We will respond to your report within 2 business days with our evaluation of the report and an expected resolution date
• If you have followed the instructions above, we will not take any legal action against you in regard to the report
• We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission
• We will keep you informed of the progress towards resolving the problem
• In the public information concerning the problem reported, we will give your name as the discoverer of the problem (unless you desire otherwise)

This security policy applies to the nanoid-java-benchmark project only. For security issues in the underlying nanoid-java library, please refer to that project's security policy.