This security policy applies to all modules in the DevCore project repository, including but not limited to:

• core, adventure, command, config, scheduler, packet, gui, event, cooldown, database, effect, entity, util, world, and scoreboard (including its NMS sub-modules).

We provide security updates for the current major version of DevCore and the Minecraft / Paper versions it actively targets.

DevCore currently provides version-specific implementations for:

• 1.21.x (e.g., 1.21.4, 1.21.1)
• 1.20.6

If you discover a security vulnerability within this project, please report it to us as soon as possible.

1. GitHub Private Vulnerability Reporting: Please use the GitHub Security Advisory feature to report vulnerabilities privately. This is our preferred method.

2. Alternative Method: If you cannot use the GitHub reporting feature, please reach out to the project maintainers via the contact information provided in the README.md or the project website.

To help us investigate and resolve the issue quickly, please provide:

• A clear description of the vulnerability.
• Steps to reproduce the issue.
• Potential impact and severity.
• Any suggested fixes or mitigations.

• Acknowledgement: We will acknowledge receipt of your report within 48-72 hours.
• Investigation: We will investigate the issue and determine its impact.
• Resolution: If confirmed, we will work on a fix and release it in a timely manner.
• Disclosure: We will coordinate a public disclosure with you after the fix is released.

Important: Please do not report security vulnerabilities through public GitHub issues or discussions. Use the private reporting methods described above.