Joda-Time Security
Security Policy
Supported Versions
If a security issue occurs, only the latest version is guaranteed to be patched.
Reporting a Vulnerability
To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
CVEs
This was raised publicly on 2024-04-10. There was no prior warning or private disclosure.
The CVE is nonsense. It was raised by an AI-driven bot. The CVE describes that a NullPointerException is thrown when null is passed into a method. As any Java developer knows, this is perfectly normal and not a security issue or CVE.
Users of Joda-Time do not need to take any action as the CVE is invalid.