There are a number of ways to report security issues to the Jetty project.

  • If the issue is directly related to Jetty itself then you are encouraged to report to the Jetty developers directly at Webtide employs the active committers of the Jetty project, so this is the preferred reporting method.

== We prefer you report any security issues directly to the Jetty developers via email rather than via GitHub Issues, as GitHub does not support private issues. ==
  • If the issue is related to Eclipse or its Jetty integration then we encourage you to reach out to

  • If the issue is related to some third party integration, we are happy to work with you to identify the proper reporting entity and work with them to properly address the issue. In this case, you are welcome to contact either of the above outreach addresses.

We are generally flexible in how we work with reporters of security issues from an attribution perspective, but reserve the right to act in the interests of the Jetty project in all circumstances.