Vulnerability report

Report issues using encrypted e-mails

How to report a vulnerability

We focus on fixing vulnerabilities in our products promptly and welcome the reports.
To submit a report please send an email encrypted with our report encryption key to [email protected]. For safety reasons we can only receive encrypted emails.

Before sending a report please check if the issue is included and\or solved in our Advisory.

When you describe an issue please add the following details:

  • The name and version of a product (for example, Liberica JDK 17 17.0.11+10 x86 64 for Windows)
  • Crash logs if available
  • Your code if it causes an issue
  • Your configuration
  • Text description of an issue

We would like to thank you in advance for submitting a vulnerability report. We aim to release the fixes for all of our products, including Liberica JDK, Liberica NIK, and Alpaquita Linux, as fast as possible. After we fix the issue for our clients, we include the solution into the next public release or critical update for all users. For security reasons we ask you to not publish the vulnerability until the fix is available.