Patch releases for the 1.0 line will continue while the v1 wire format remains current.

Do not open a public GitHub issue for security reports. Email nficano@gmail.com with the subject [arcp-java security] and the body should include:

• A description of the vulnerability and its impact.
• Reproduction steps or a proof-of-concept (a failing test is ideal).
• The version (or commit SHA) you observed it on.
• Any environmental conditions (JDK version, transport, host adapter).

Acknowledgement target: within 48 hours of receipt. Fix or mitigation target: within 30 days for code-execution / data-exposure issues; within 90 days for denial-of-service / behavioral correctness issues.

You will receive an estimated patch date and a CVE identifier (if applicable) before the fix lands. The fix lands in a patch release tagged on GitHub and published to Maven Central; the security advisory is published on the repository's Security tab simultaneously.

The following areas are the load-bearing surface for an attacker who can speak ARCP to the runtime; reviewers and reporters should weight these heavily:

• BearerVerifier implementations: a permissive verifier admits anyone to the session. The acceptAny() default exists for development; production deployments wire staticToken(...) or a custom verifier.
• LeaseGuard.authorize: glob-pattern matching for fs.read, fs.write, net.fetch, tool.call. A bypass here lets an agent escape its lease.
• BudgetCounters: CAS-on-BigDecimal. Arithmetic precision is the integrity guarantee.
• SessionLoop.handleSubscribe and handleListJobs: cross-principal scope enforcement.
• Middleware allowedHosts / allowedOrigins on ArcpJakartaAdapter, ArcpVertxHandler, and the Spring Boot autoconfig: DNS-rebind defenses on the upgrade request.

• Bugs in the user-supplied Agent implementation.
• Bugs in user-supplied BearerVerifier implementations.
• Resource exhaustion from a trusted principal (rate limiting is a deployment concern, not an SDK guarantee).
• Vulnerabilities in transitive dependencies that the SDK does not surface to its consumers (report those to the upstream project).