To report a security issue, please use the "Report a vulnerability" button on
GitHub's Security tab for `jj`'s main repo, under
[Advisories](https://github.com/jj-vcs/jj/security/advisories).

Our vulnerability management team will respond within 3 working days of your
report. If the issue is confirmed as a vulnerability, we will open a Security
Advisory. This project follows a 90 day disclosure timeline.

Feel free to email Jujutsu VCS Security at <jj-security@googlegroups.com> if you
have questions.