Eclipse Ditto follows the Eclipse Vulnerability Reporting Policy. Vulnerabilities are tracked by the Eclipse security team, in cooperation with the Ditto project leads. Vulnerabilities are fixed by the Ditto project committers, with the assistance and guidance of the security team.
Eclipse Ditto WoT tooling provides security updates for the two most recent minor versions.
Please report any vulnerability you find here: https://www.eclipse.org/security/