HTTP/2 301
server: AkamaiGHost
content-length: 0
location: https://openjdk.org/groups/vulnerability/report
date: Sat, 19 Jul 2025 05:16:46 GMT
HTTP/2 200
content-type: text/html
last-modified: Thu, 05 Jun 2025 17:17:57 GMT
vary: Accept-Encoding
etag: "6841d145-268b"
content-security-policy-report-only: default-src 'self' *.openjdk.java.net feedburner.google.com; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' feeds.feedburner.com *.statcounter.com statcounter.com; img-src 'self' data: *.statcounter.com *.openjdk.java.net feedburner.google.com; frame-ancestors 'none'; report-uri https://openjdk.report-uri.io/r/default/csp/reportOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
x-akamai-transformed: 0 - 0 -
content-encoding: gzip
date: Sat, 19 Jul 2025 05:16:47 GMT
content-length: 2841
set-cookie: _abck=F4C00F6F688F0F223CD74F8254BA9B1C~-1~YAAQNAHAReW4AR2YAQAAnQYdIQ6sWu8xULJ/z7cO3nVvKbBELIDv1MFwRa2OElnEwxyxlDDMGg0/3zoNHKkmjVZquPgQE3h9UauADlEpF1DbnpoWa00s8+rdVEOWIwhfVkrboa77k9tFDcSdpE9ufUR6BDyoKy42sdniXO2ziY5+eqcpUj9F3fQAi399agcweWoiesjgX9/kiOHqOLViBRaO8LUcAT+v3Ad0Y1j240sN0N39rOUesttBs7Z89kE8im6JCaGaBeP0djIcCq6FnObICAbEbOuwJoRwLEOsHZzMw41UAdckKvHy15mIjEApybL/o84TwpNAHAVEV3uoa9OeX4+Fc+gwIq5JLhq2wcHMOf3N8OBxsfeqXfHJ8EZ9qPPWZh7Fr6aWffA4itw9zbTLq8Z3KwanGRC/u05jPbqy6e9NoYU67DCxbCngem8p4o68ths=~-1~-1~-1; Domain=.openjdk.org; Path=/; Expires=Sun, 19 Jul 2026 05:16:47 GMT; Max-Age=31536000; Secure
set-cookie: bm_sz=621DE16A7C5E9FB8E91C09180C00640F~YAAQNAHARea4AR2YAQAAnQYdIRwrcC7NJ6C/JL1+8GhROh1lBniGzzLIdj2n+LPrAz7/DrKQAc5Mid8F95KOiWD7jdBbG8LezhlahdVhQmTkyiNfXN17P7ODhfOHC7/aVY9FjTJ7qoaJarDpMxysjZ83to6fRinIxR5iQwbkgxlTYaDXppkT0rfyFDSxKmg06Qhs7syadDmAGsgmuWehda/vFt/GZLYKrQwXmwv46AifJu1Gv6980y8aZvpoNcLlILUkzewWgzTk74wJjCkqYESqQP/6R/FPRCMJDEQAKtCfSZaEaydkM1ISAj4lMZcI610BM1h+lap5JzOQx6jc4lpC+j8ghEGfBXOenMfvZyTjlmRNIv8Qzyo=~3551289~4407622; Domain=.openjdk.org; Path=/; Expires=Sat, 19 Jul 2025 09:16:46 GMT; Max-Age=14399
OpenJDK Vulnerabilities
Vulnerabilities in OpenJDK source code are handled by the
OpenJDK Vulnerability Group,
who coordinate fixes and releases.
How to report a vulnerability
We welcome reports of vulnerabilities in the JDK. To submit a
report, please send e-mail to vuln-report@openjdk.org.
We prefer mail encrypted with our report encryption key.
Please include as much detail as is reasonable, e.g., the output of
the java -version command, a proof-of-concept (PoC)
program, crash logs, and relevant environment and configuration
information.
Vulnerability reports that you submit are covered by the
OpenJDK Web Site Terms of Use.
Oracle values the members of the independent security research
community who find security vulnerabilities and work with Oracle so
that security fixes can be issued to all customers. Oracle's policy
is to credit all researchers in the Critical Patch Update Advisory
document when a fix for the reported security bug is issued. In
order to receive credit, security researchers must follow
responsible disclosure practices, including:
-
They do not publish the vulnerability prior to Oracle releasing
a fix for it
-
They do not divulge exact details of the issue, for example,
through exploits or proof-of-concept code
Advisories
Current and previous advisories are available for
reference.
Last update: 2019/7/17 21:29 UTC
