Security fixes are applied to the latest commit on the main branch. We do not maintain separate patch releases for older versions at this time.
| Version | Supported |
|---|---|
main (latest) |
Yes |
| Older branches | No |
Please do not open a public GitHub issue for security vulnerabilities.
Report security issues through one of the following channels:
- Email: Send details to security@zivtech.com
- GitHub Private Security Advisory: Use GitHub's private vulnerability reporting to submit a report confidentially
Please include as much of the following as possible to help us assess and address the issue quickly:
- A description of the vulnerability and its potential impact
- Steps to reproduce or a proof-of-concept
- Affected component(s) (e.g.,
joyus-ai-mcp-server,joyus-ai-state) - Any suggested mitigations you have identified
| Milestone | Target |
|---|---|
| Acknowledgment | Within 48 hours of receipt |
| Initial assessment and severity rating | Within 7 days |
| Resolution or mitigation plan communicated | Dependent on severity and complexity |
We will keep you informed throughout the process. Critical vulnerabilities are prioritized for immediate remediation.
We follow a coordinated disclosure approach. Please allow us a reasonable period to investigate and release a fix before any public disclosure. We will credit reporters who responsibly disclose issues, unless they prefer to remain anonymous.