Only the latest release on Maven Central receives security updates. Patch releases are cut as needed for vulnerabilities.
| Version | Supported |
|---|---|
| 2.x | ✅ |
| < 2.0 | ❌ |
We take security bugs seriously. If you discover a vulnerability in JToon, please report it privately before disclosing it publicly.
How to report:
- Open a security advisory at: https://github.com/toon-format/toon-java/security/advisories/new
- Alternatively, email the maintainers via the contact information on the GitHub profile.
You should receive a response within very soon. If you don't, please follow up to ensure your message was received.
What to include:
- A clear description of the vulnerability
- Steps to reproduce (PoC preferred)
- Affected versions
- Potential impact
- Any suggested fix (if available)