Granito takes the security of our code seriously. If you believe you have found a security vulnerability in the Concordion Integrations and Extensions project's code, please DO NOT disclose it publicly until we’ve had a chance to fix it. Please don’t report security vulnerabilities using GitHub issues, instead follow the instructions below to disclose it responsibly.
The latest two major releases will be supported for security updates as well as the upcoming major release (code in main branch).
In order to report a vulnerability, please open a draft security advisory to disclose your findings privately.
All JARs published on Maven Central are signed. The signing key is available at the following key servers: