Even though JavaBhaiLang is a local and experimental project, we still encourage responsible reporting of any suspicious behavior, vulnerabilities, or security concerns.
This project does not follow a formal release cycle.
However:
- The main branch is maintained
- Security issues will be reviewed and fixed on a best-effort basis
If you find any of the following:
- Unsafe or unexpected interpreter behavior
- Possible code injection or arbitrary execution
- Suspicious file system access
- Crashes triggered by crafted input
- Dependency-related security concerns
- Malicious activity in contributions
Please follow these steps:
Security vulnerabilities should be reported privately.
Email: [email protected]
(or use the contact info on the GitHub profile)
Include:
- Description of the issue
- Steps to reproduce
- Expected vs actual behavior
- Potential impact
- Suggested fix (optional)
You will receive a response within 48–72 hours.
- The report will be verified
- A fix will be created
- A patched update will be published
- A security advisory may be issued (if necessary)
- You may be credited (optional)

Guidelines for contributors:
- Avoid adding code that enables arbitrary Java execution
- Be careful with file I/O or external command usage
- Validate lexer/parser input handling
- Test grammar changes with edge-case input
- Do not commit secrets or credentials
- Keep changes modular and reviewable
Your efforts help keep JavaBhaiLang safe, fun, and maintainable.
Responsible disclosure is greatly appreciated.