The following versions of Jason are currently being supported with security updates:
| Version | Supported |
|---|---|
| 1.x.x | ✅ |
| < 1.0.0 | ❌ |
We take the security of Jason seriously. If you believe you've found a security vulnerability, please follow these steps:
- Email: Send a detailed report to auri.js.dev@gmail.com
- GitHub: For less sensitive issues, you can open a GitHub issue with the label "security" (please avoid including exploit details in public issues)
- Description of the vulnerability
- Steps to reproduce the issue
- Affected versions
- Potential impact
- Any possible mitigations you've identified
- You'll receive an acknowledgment of your report within 48 hours
- Our team will investigate and validate the issue
- We'll provide regular updates on our progress (at least weekly)
- Once resolved, we'll notify you and discuss appropriate disclosure
- We follow a coordinated disclosure process
- Security issues will be addressed as quickly as possible
- Public disclosure will be made after a patch is available and users have had reasonable time to update
We currently do not offer a formal bug bounty program, but we do acknowledge security researchers in our release notes with their permission.
Thank you for helping keep Jason and its users safe!