Title: Found a Bug
## Found a Bug?
If you think you've found a problem with OpenJPA, there are several ways to
proceed.
You can begin by raising the issue on the OpenJPA User or Developer mailing
lists (see [Mailing Lists](mailing-lists.html)
).
You can also search JIRA, our issue-tracking system, to see if the problem
has already been noted (visit [JIRA](http://issues.apache.org/jira/browse/OPENJPA)
). If the issue is not listed there, you can add a new JIRA issue
describing it. Please include detailed steps to reproduce the problem.
If you have a fix for the issue, you can generate a patch file to send the
fix to us. You need to check out the current source code from Subversion
(see [Source Code](source-code.html)
), make the necessary changes (see [Coding Standards](coding-standards.html)
), and then do a full build with all tests enabled (see [Building](building.html)
) and make sure the unit tests runs as expected (try to run a full build),
maven clean install
and of course, confirm that the problem is
actually fixed. Then, go to the root directory of your OpenJPA checkout,
and run a command like
svn diff > OPENJPA--.patch
to generate a patch file.
To submit a patch, create an issue in JIRA that describes the problem, add
your patch file as an attachment (don't forget to select the "Grant license
to ASF for inclusion in ASF works" option), and then edit the JIRA to
select the [Patch Available](https://issues.apache.org/jira/secure/IssueNavigator.jspa?mode=hide&requestId=12313253)
check box. Please include detailed steps to reproduce the problem in the
issue description, and a test case in the patch where possible (see [Testing](testing.html)).
For larger contributions, like new features or more complex bug fixes, you
should also have an [Individual Contributor License Agreement](http://www.apache.org/licenses/#clas)
on file with the ASF.
Thanks for working with us to improve Apache OpenJPA!
## Reporting Security Vulnerabilities
The Apache Software Foundation takes a very active stance in eliminating
security problems and denial of service attacks against the code we
provide.
We strongly encourage folks to report any such problems discovered in
OpenJPA to our private PMC mailing list [mailto:private@openjpa.apache.org](mailto:private@openjpa.apache.org.html)
first, before disclosing them in a public forum.
Please note that the private PMC mailing list should only be used for
reporting undisclosed security vulnerabilities and managing the process of
fixing such vulnerabilities until they are made public. We will not accept
regular bug reports or other general user queries at this address.
If you need to report a bug that is already a disclosed security
vulnerability, please use the regular bug reporting process above.
Questions about:
* how to securely configure OpenJPA
* if a vulnerability applies to your particular application or OpenJPA level
* obtaining further information on a published vulnerability
* availability of patches and/or new releases
should be address to the users mailing list. Please see the [Mailing Lists](mailing-lists.html)
page for details of how to subscribe.