Please do not report security vulnerabilities through public GitHub issues.
Please report vulnerabilities to this repository via GitHub security advisories instead.
How? Inside affected repository → security tab
for contributor:
→ Report a vulnerability
for committer:
→ advisories → New draft security advisory
In severe cases, you can also report a found vulnerability via mail or eclipse issue here: https://www.eclipse.org/security/