Tip
To discuss issues privately, reach out via openapi2javarecords@protonmail.com.
| Version | Supported |
|---|---|
| 3.x | ✅ |
| 2.x | ✅ |
| < 2.0 | ❌ |
Caution
If you discover a potential security vulnerability within the .mustache templates of this project, please do not use the public issue tracker. Instead, follow these steps:
Please report vulnerabilities by opening a Draft Security Advisory on GitHub. Or, provide details via openapi2javarecords@protonmail.com.
You can expect an initial acknowledgement of your report within 48–72 hours.
Once a fix is ready and a new version is published, a public security advisory will be released to credit your discovery and notify the community.
Note
This allows for a private conversation between you and the maintainer. You may opt-out of the credit and remain anonymous, if desired.
Caution
Since these templates are used for code generation, users should adhere to the following:
- Inspect OpenAPI Spec
- Ensure your source OpenAPI specification files are from a trusted source.
- Dependency Management
- Use Dependabot or similar tools to stay updated with the latest template versions.
- Only retrieve these
.mustachetemplates from Official Sources!- GitHub Packages
- Maven Central
- Review Files Used When Generating
- ALWAYS secure that input-files (such as
.mustachefiles) are authentic, that no unexpected files are downloaded and/or retrieved, and only trusted files are used for code generation. - It is recommended to explicitly state what files you expect to retrieve from this project, i.e., do not retrieve any arbitrary files like:
*/*or*.mustache. - Instead, import these files located in
templates/explicitly:generateBuilders.mustachejavadoc.mustachelicenseInfo.mustachemodelEnum.mustachepojo.mustacheuseBeanValidation.mustache
- ALWAYS secure that input-files (such as
- Review Generated Code
- ALWAYS secure that resulting files - whether new, modified or removed - are as expected.