We provide security updates and patches for the latest version of our software:

If you discover a security vulnerability within CompactJV, please send an e-mail to our development team. Please don't disclose the vulnerability publicly until we've had a chance to address it.

We treat all security bugs seriously. Upon receipt of security reports, we will work to understand, validate, and respond to your report with an initial assessment and validation of the report within a reasonable time frame.

Your report will be acknowledged within 48 hours, and you’ll receive a more detailed response to your email within 96 hours indicating the next steps in handling your report.

After the initial reply to your report, we will keep you informed about the progress towards the resolution of the security issue, and may ask for additional information or guidance.

When we have fixed the issue and thoroughly tested the solution, we will notify you and provide a timetable for public disclosure. We kindly ask that you do not disclose the vulnerability before it has been fixed and you've heard back from us.

In general, we ask that you give us a reasonable amount of time to fix the issue before you publish it. Typically, we expect a period of 30 days between report and public disclosure.

We appreciate your effort in improving the security of CompactJV, and will acknowledge your contribution in the disclosure, unless you prefer to remain anonymous.

If you have suggestions on how this process could be improved please submit a pull request.