Eclipse RDF4J follows the Eclipse Vulnerability Reporting Policy. Vulnerabilities are tracked by the Eclipse security team, in cooperation with the RDF4J project lead. Fixing vulnerabilities is taken care of by the RDF4J project committers, with assistance and guidance of the security team.

Eclipse RDF4J supports security updates for the following releases:

We recommend that in case of suspected vulnerabilities you do not use the RDF4J public issue tracker, but instead contact the Eclipse Security Team directly via [email protected].