Chronicle Software takes the security of our software seriously. If you believe you have found a security vulnerability in any Chronicle / OpenHFT library, we encourage you to report it to us responsibly.
Please do not report security vulnerabilities through public GitHub issues, pull requests, or discussions.
Instead, please email full details to:
To help us triage and resolve the issue quickly, please include where possible:
- The product/library and version affected (e.g. Chronicle Queue 5.x).
- A description of the vulnerability and its potential impact.
- Steps to reproduce, including any proof-of-concept code or configuration.
- Any known mitigations or workarounds.
- We will acknowledge receipt of your report as soon as possible.
- We will investigate and keep you informed of our progress.
- We ask that you give us a reasonable period of time to investigate and remediate an issue before any public disclosure, so that users can be protected.
We appreciate your efforts to disclose your findings responsibly and will make every effort to acknowledge your contribution.