We value security of our assembler, nothing’s perfect, and we acknowledge that there can be security vulnerabilities inside our code. Therefore, please follow the guidelines to report vulnerabilities and critical security issues. We’ll aim to get back to any security issue or vulnerability within 7 days of submission.

Some vulnerabilities are critical and people may use it to their advantage go affect the stable versions, that means, some vulnerabilities must be reported by the means of email and other more private ways to prevent it from leaking into the hands of “bad-actors”. This table below outlines the methods of reporting security vulnerabilities to the Jas assembler.

| Version | How to report | | --- | --- | | > 1.x.y | Report via private emailing | | 0.x.y | Report on the mailing list |