Skip to content

Commit

Permalink
Create SECURITY.md
Browse files Browse the repository at this point in the history
Initial SECURITY.md containing GPG signing key.
  • Loading branch information
mkarg authored May 20, 2024
1 parent 0c89c10 commit 6c96ec5
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
# Security Policy

## Supported Versions

| Version | Supported | GPG Signing Key |
| ---------------- | ------------------ | ---------------- |
| 1.83 | :white_check_mark: | 31D2D79DF7E85DD3 |
| 1.82 and earlier | :x: | ? |

## Reporting a Vulnerability

If you find a security vulnerability, please [open a Github issue](https://github.com/cbeust/jcommander/issues).

We will try to publish a security fix on Maven Central ASAP after you reported it.

There will be no frequently scheduled security updates.

## GPG Signature Validation

All artefacts are published on the Maven Central Repository accompanied by an *.asc GPG signature file.

The GPG signing key used since v1.83 is found on [keyserver.ubunto.com](https://keyserver.ubuntu.com/pks/lookup?search=1D85469D8559C2E1DF5F925131D2D79DF7E85DD3&fingerprint=on&op=index):
```
pub rsa3072 2023-08-04 [SC] [expires: 2025-08-03]
1D85 469D 8559 C2E1 DF5F 9251 31D2 D79D F7E8 5DD3
uid [ultimate] Markus KARG <[email protected]>
sub rsa3072 2023-08-04 [E] [expires: 2025-08-03]
```

0 comments on commit 6c96ec5

Please sign in to comment.