Security fixes are handled on the default branch. This repository contains educational kata solutions, so release branches are not maintained separately.
Do not open a public issue for suspected vulnerabilities, exploit details, or credential leaks.
Report vulnerabilities through GitHub private vulnerability reporting: https://github.com/krotname/CodewarsKataJava/security/advisories/new
Include:
- affected version or commit,
- exact steps to reproduce,
- impact assessment,
- proposed mitigation if available.
The maintainer aims to acknowledge valid reports within 48 hours and provide a remediation timeline after the impact is confirmed.
For non-sensitive quality issues, use the public issue tracker.