mirror of
https://github.com/martinvonz/jj.git
synced 2025-05-05 15:32:49 +00:00
The previous "on this page" statement is wrong more often than not. Unfortunately there is no "Report a vulnerability" button on https://github.com/jj-vcs/jj/security/policy, and looking for such a button from https://github.com/jj-vcs/jj?tab=security-ov-file leads to confusion. This is not the end of the world, but I don't see much security downside to clarifying it (that is, I don't think *not* having a link protects against phishing in any real way).
507 B
507 B
To report a security issue, please use the "Report a vulnerability" button on
GitHub's Security tab for jj
's main repo, under
Advisories.
Our vulnerability management team will respond within 3 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.
Feel free to email Jujutsu VCS Security at jj-security@googlegroups.com if you have questions.