We take security seriously at Jan. If you discover a security vulnerability, please follow these steps:

1. Do not open a public issue
2. Email us at [email protected] with details of the vulnerability
3. Include steps to reproduce the issue if possible
4. Allow us reasonable time to respond before any public disclosure

• We will acknowledge receipt of your report within 48 hours
• We will provide an estimated timeline for a fix
• We will notify you when the vulnerability is fixed
• We appreciate responsible disclosure and will credit researchers who report valid vulnerabilities

This security policy applies to all repositories under the Jan organization.