Security fixes are not back-ported. Please make sure you are running at least the latest release version of jsoup.

Please remember that jsoup is an Open Source library and is provided without any warranty. Before using jsoup in a critical environment, you should satisfy yourself that it works correctly and securely for your needs.

If you believe or suspect you have identified a security vulnerability, please report it via the "Report a Vulnerability" button in Security Advisories. (Details)

We follow Coordinated Disclosure practices and ask that you do too.

Please provide as much detail as possible in your report, including the steps to reproduce the vulnerability and sample code.

Alternatively to using GitHub, or if you have a security question, please email security@jsoup.org.

We take all vulnerability reports seriously and strive to fix them as quickly as possible. Once we receive a report, we will verify the vulnerability and its impact. We will then work to develop and test a fix for the vulnerability, and release it as soon as possible.