To report a security issue, please use the "Report a vulnerability" button on GitHub's Security tab for jj's main repo, under Advisories.

Our vulnerability management team will respond within 3 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory. This project follows a 90 day disclosure timeline.

Feel free to email Jujutsu VCS Security at [email protected] if you have questions.