We release patches for security vulnerabilities. Currently supported versions:

| Version | Supported |
|---|---|
| 1.x.x | ✅ |

If you discover a security vulnerability within this project, please send an email to the project maintainer. All security vulnerabilities will be promptly addressed.

Please do not report security vulnerabilities through public GitHub issues.

Please include the following information in your report:
- Type of vulnerability
- Full paths of source file(s) related to the vulnerability
- Location of the affected source code (tag/branch/commit or direct URL)
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code (if possible)
- Impact of the issue, including how an attacker might exploit it

After you submit a report:
- We will acknowledge receipt of your vulnerability report within 48 hours
- We will provide a detailed response within 7 days, including next steps
- We will notify you when the vulnerability is fixed
- We may ask for additional information or guidance

When using this toolkit:
- Keep Dependencies Updated: Regularly update Checkstyle and google-java-format
- Review Auto-Fixes: Always review automatically applied fixes before committing
- Custom Configurations: Validate custom checkstyle.xml files from trusted sources only
- File Permissions: Ensure proper file permissions for configuration files
- CI/CD Integration: Use in isolated build environments when integrated into pipelines
- This tool modifies source files automatically. Always use version control and review changes.
- The tool requires read/write access to Java source files in your project.
- Custom Checkstyle configurations can execute custom checks; only use trusted configurations.
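
One way to review a custom checkstyle.xml before trusting it, as an added example that is not part of this project's code: it lists every module the configuration would load and flags fully qualified class names outside Checkstyle's own `com.puppycrawl.tools.checkstyle` package. The sample configuration and the `org.example.hypothetical` names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Package prefix that holds Checkstyle's own built-in modules.
BUILTIN_PREFIX = "com.puppycrawl.tools.checkstyle."

# Constructed sample configuration (not taken from this project).
SAMPLE_CONFIG = """<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
  "-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
  "https://checkstyle.org/dtds/configuration_1_3.dtd">
<module name="Checker">
  <module name="TreeWalker">
    <module name="LineLength"/>
    <module name="com.puppycrawl.tools.checkstyle.checks.imports.UnusedImportsCheck"/>
    <module name="org.example.hypothetical.ExtraCheck"/>
  </module>
  <module name="org.example.hypothetical.AuditFilter"/>
</module>
"""


def module_names(xml_text):
    """Return every module name in document order, nested modules included."""
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    return [el.get("name", "") for el in root.iter("module")]


def untrusted_modules(xml_text, allowed_prefixes=(BUILTIN_PREFIX,)):
    """Return fully qualified module names outside the allowed packages.

    Heuristic only: short names such as "LineLength" are not checked here,
    so the classpath the tool runs with still needs its own review.
    """
    allowed = tuple(allowed_prefixes)
    return [
        name
        for name in module_names(xml_text)
        if "." in name and not name.startswith(allowed)
    ]


if __name__ == "__main__":
    for name in untrusted_modules(SAMPLE_CONFIG):
        print("review before use:", name)
```
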
Thank you for helping keep this project secure!