We value security of our assembler, nothing's perfect, and we acknowledge that there can be security vulnerabilities inside our code. Therefore, please follow the guidelines to report vulnerabilities and critical security issues. We'll aim to get back to any security issue or vulnerability within 7 days of submission.
Some vulnerabilities are critical and people may use it to their advantage go affect the stable versions, that means, some vulnerabilities must be reported by the means of email and other more private ways to prevent it from leaking into the hands of "bad-actors". This table below outlines the methods of reporting security vulnerabilities to the Jas assembler.
| Version | How to report |
|---|---|
| > 1.x.y | Report via email and safe forms |
| 0.x.y | Report via Github issues |
If you are reporting for > 1.x.y versions, please send your emails to eventide+security@gmail.com. Write it up as if you are doing it for a Github issue, feel free to use issue templates or other resources online.