The devonfw team is committed to keeping its projects, and by extension the users of these projects, safe from information security risks. For this reason, all our GitHub repositories are monitored by an instance of Dependabot, which notifies the responsible product/project owners as soon as known security vulnerabilities are detected in their dependencies.
Although this covers most vulnerabilities introduced by external or third-party dependencies, flaws in the code of our own framework components may still introduce other vulnerabilities or exposures that Dependabot cannot detect.
If you suspect you have found such an issue, please contact our support team directly at [email protected] rather than disclosing it publicly. In less severe cases you may open a new issue report in the affected repository. If applicable, please include the related CVE identifier(s) in your report.