1# Security Policy 2 3Last Updated: 2019-11-26 4 5## Supported Versions 6 7Current status of open branches, with new releases, can be found from [Jackson Releases](https://github.com/FasterXML/jackson/wiki/Jackson-Releases) 8wiki page 9 10## Reporting a Vulnerability 11 12The recommended mechanism for reporting possible security vulnerabilities follows 13so-called "Coordinated Disclosure Plan" (see [definition of DCP](https://vuls.cert.org/confluence/display/Wiki/Coordinated+Vulnerability+Disclosure+Guidance) 14for general idea). The first step is to file a [Tidelift security contact](https://tidelift.com/security): 15Tidelift will route all reports via their system to maintainers of relevant package(s), and start the 16process that will evaluate concern and issue possible fixes, send update notices and so on. 17Note that you do not need to be a Tidelift subscriber to file a security contact. 18 19Alternatively you may also report possible vulnerabilities to `info` at fasterxml dot com 20mailing address. Note that filing an issue to go with report is fine, but if you do that please 21DO NOT include details of security problem in the issue but only in email contact. 22This is important to give us time to provide a patch, if necessary, for the problem. 23