Eclipse Graphiti follows the Eclipse Vulnerability Reporting Policy. Vulnerabilities are tracked by the Eclipse security team, in cooperation with the Graphiti project lead. Fixing vulnerabilities is taken care of by the Graphiti project committers, with assistance and guidance of the security team.
Eclipse Graphiti supports security updates for the following releases:
We recommend that in case of suspected vulnerabilities you do not use the Graphiti public issue tracker, but instead contact the Eclipse Security Team directly via firstname.lastname@example.org.