We support the latest version of the codebase in the main branch. Security fixes will be applied to the most recent release.
If you discover a security vulnerability in this project, please report it responsibly.
Do NOT open a public GitHub issue for security vulnerabilities.
Instead, please use one of these methods:
-
GitHub Private Vulnerability Reporting: Use the "Report a vulnerability" button in the Security tab of this repository.
-
Email: Contact the maintainers directly (see repository contact information).
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
- We will acknowledge your report within 7 days
- We will provide an estimated timeline for a fix
- We will notify you when the vulnerability is fixed
- We ask that you do not publicly disclose the vulnerability until we have had 90 days to address it
This security policy applies to:
- The jkp-data repository code
- The jkpfactors.com website infrastructure
This policy does NOT apply to:
- Data quality issues (use regular issue templates for those)
- Feature requests
- General bugs (use regular issue templates)
We appreciate security researchers who help keep our project safe. With your permission, we will acknowledge your contribution in our release notes.