Joda-Time Security

Security Policy

Supported Versions

If a security issue occurs, only the latest version is guaranteed to be patched.

Reporting a Vulnerability

To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.



This was raised publicly on 2024-04-10. There was no prior warning or private disclosure.

The CVE is nonsense. It was raised by an AI-driven bot. The CVE describes that a NullPointerException is thrown when null is passed into a method. As any Java developer knows, this is perfectly normal and not a security issue or CVE.

Users of Joda-Time do not need to take any action as the CVE is invalid.

Back to top

Version: 2.12.7. Last Published: 2024-04-15.

Reflow Maven skin.