The GraalVM team values the independent security research community and believes that responsible disclosure of security vulnerabilities in GraalVM helps us ensure the security and privacy of all our users.
If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. Please refer to Reporting Vulnerabilities for additional information including our public encryption key for secure email. We ask that you do not contact project contributors directly or through other channels about a report.
GraalVM Community Edition security updates will be released on a quarterly basis in conjunction with the Oracle GraalVM security updates that are part of the Oracle Critical Patch Update program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each Critical Patch Update release. For additional information including past advisories, please refer to Security Alerts.
Please refer to the GraalVM Security Guide for security related topics such as how to support trusted and less trusted code execution using the Truffle language framework, or compiler mitigations for transitive execution attacks. However please note that we do not currently support the execution of untrusted or adversarial code. Non-vulnerability related security issues may be discussed on GitHub Issues or the Security channel in the GraalVM Slack Workspace
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。