We provide security updates for the following versions:

We take the security of Jen.js seriously. If you discover a security vulnerability, please do NOT open a public issue. Instead, report it privately.

1. Email your report to security@jen.js.org (if available) or open a private security advisory on GitHub.
2. Include a detailed description of the vulnerability, steps to reproduce, and any potential exploits.
3. We will acknowledge your report within 48 hours and provide a timeline for a fix.

This policy applies to all core packages in the packages/ directory and core logic in crates/.

Jen.js aims for high security standards out of the box, including:

• NIST SP 800-44 compliance for server hardening.
• OWASP ASVS L1 compliant security headers.

We appreciate your help in keeping Jen.js secure!