If you think you have found a security vulnerability, please send a report to opensca@anpro-tech.com. This address can be used for all of OpenSCA Community products (including but not limited to OpenSCA-cli, OpenSCA-IntelliJ-Plugins, OpenSCA-VSCode-Plugins and opensca.xmirror.cn) We Can accept only vulnerability reports at this address.
OpenSCA Community will send you a response indicating the next steps in handing your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Important: we ask you to not disclose the vulnerability before it have been fixed and announced, unless yor received a reponse from the OpenSCA Community security team that you can do so.
We will post a summary, remediation, and mitigation details for any patch containing security fixes at OpenSCA blog.