How to post and follow a security issue


In December, I sent to a report about a known DoS vulnerability in one of the libraries included in Payara. I haven’t got any reply and I can see that the mentioned library has not been upgraded in 5.2022.1.

Does anyone know how such issues should be handled? Was I supposed to make a PR instead, or to report to another place? Or, maybe such upgrades could be delayed in the community edition (for various reasons) and I should consider the enterprise edition if I expect enterprise-level support?

Thank you in advance for your reply.


Hi Robelcik,

Thank you very much for flagging this up. One of our engineers has replied to you on GitHub.