Please do NOT open a public issue for security vulnerabilities.
If you discover a security vulnerability in JARVIS, please report it responsibly:
- GitHub Private Vulnerability Reporting (Preferred): Go to the Security tab of this repository and click "Report a vulnerability".
- Email: Send details to hyhmrright@gmail.com.
Please include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
| Action | Timeline |
|---|---|
| Acknowledgment | Within 72 hours |
| Initial assessment | Within 1 week |
| Fix release | Depends on severity |

| Version | Supported |
|---|---|
| Latest on main | Yes |
| dev branch | Best effort |
| Older releases | No |
This policy applies to:
- JARVIS backend (FastAPI, Python)
- JARVIS frontend (Vue 3, TypeScript)
- Docker configuration and deployment
- Authentication and encryption (JWT, bcrypt, Fernet)
- Database access and API endpoints