Ths file describes how security issues are handled in the Vonage Java SDK.

Only the latest version of the SDK is supported. The timeline for fixing issues is within the next two releases of it being reported and fixed. This is to cover the scenario where an issue is reported just before or after a planned release, to allow time for the fix to be included in the next release.

To report a security concern, use the "Report a Vulnerability" tab. You can also contact the Developer Relations team directly via email for more private disclosure. You can also raise an Issue and/or create a Pull Request from your fork of the repo. Please include as much detail as possible, an indication of severity and, ideally, a minimal reproducible example to demonstrate the issue if possible.