Reporting Security Issues
The JNX03 team takes security bugs seriously. We appreciate your efforts to responsibly disclose your findings, and will make every effort to acknowledge your contributions.
To report a security issue, please email security@jnx03.xyz and include the word "SECURITY" in the subject line.
The JNX03 team will send a response indicating the next steps in handling your report. After the initial reply to your report, the security team will keep you informed of the progress towards a fix and full announcement, and may ask for additional information or guidance.
Security Response Process
- Security report received and assigned a primary handler
- Problem confirmed and a list of affected versions determined
- Code audited to find any similar problems
- Fixes prepared and tested
- Fixes deployed to production
- Public disclosure (if agreed with reporter)
Disclosure Policy
When the security team receives a security bug report, they will assign it to a primary handler. This person will coordinate the fix and release process, involving the following steps:
- Confirm the problem and determine the affected versions
- Audit code to find any potential similar problems
- Prepare fixes for all releases still under maintenance
- Coordinate with the reporter on an embargo date if applicable
Comments on This Policy
If you have suggestions on how this process could be improved, please submit a pull request or open an issue to discuss.