Generally speaking, Honeypot will be built on the current LTS version of Java or the minimum supported LTS version of Java for MC, whichever is older. Currently, Honeypot is built on Java 17.

Previously I had decided that Honeypot's most recent revision would get feature and security updates, and the previous minor version would get security updates, with anything older getting no support. I cannot support that any longer due to time constraints, so any updates to security will only be made in the latest version. There will be no backwards compatibility. As soon as an update is released, that becomes the only supported version. I may make exceptions to this, as I want my plugin accessible to everyone! However, I simply cannot support multiple versions at once. Thank you for understanding! ❤️

Reporting a vulnerability is extremely simple. Click this link to open a new security advisory. This will be privately sent to the developers of Honeypot and will be reviewed as soon as received. If the flaw is deemed applicable, a fix will be released as soon as possible.

DO NOT OPEN AN ISSUE FOR SECURITY VULNERABILITIES! Not only will these be immediately closed and removed, but releasing information on security vulnerabilities without first attempting to notify the proper channels can be extremely detrimental to people who use this software. (See SlickWraps Data Breach. The person who discovered the breach "sent a subtle tweet, anticipating that the “Security Researcher, White Hat Hacker” designation in [their] Twitter bio would be sufficient enough to spark a line of communication" instead of properly disclosing it, causing others to attempt to breach SlickWraps as well).

Proper disclosure is crucial in these situations. I will do my absolute best to ensure security vulnerabilities are fixed, but doing so properly gives me the chance to fix it before it's abused.